FAQ

 

Classes of certificates

What are the different classes of Digital Signature Certificates?

  • Class 1 : The verification requirements are (i) Aadhaar eKYC Biometric or (ii) paper based application form and supporting documents or (iii) Aadhaar eKYC OTP + Video Verification . The Private Key generation and storage can be in software.
  • Class 2 : The verification requirements are (i) Aadhaar eKYC Biometric or (ii) Paper based application form and supporting documents or (iii) Aadhaar eKYC OTP + Video Verification . The Private Key generation and storage should be in Hardware cryptographic device validated to , FIPS 140-2 level 2.
  • Class 3 : The verification requirements are (i) Aadhaar eKYC Biometric or (ii) Paper based application form and supporting documents and (physical personal appearance before CA or Video verification) or (iii) Aadhaar eKYC OTP + Video Verification . The Private Key generation and storage should be in Hard ware cryptographic device validated to FIPS 140-2 level 2
  • Aadhaar e-KYC-OTP: The verification requirement is Aadhaar eKYC OTP.
  • Aadhaar e-KYC-Biometric: The verification requirement is Aadhaar eKYC Biometric.
    • For more details please refer to section 1.3.5 of X.509 Certificate Policy for India PKI(CCA-CP)

      Whether the same class and/or type of certificates issued by one CA can be different from that issued by another CA?

      No. The same class and/or type of certificates issued by all CAs have the same level of assurance and trust.India PKI follows a Hierarchical PKI model where Root CA certifies CA and CA in turn certifies the subscriber. The India PKI Certificate Policy is applicable to the entire eco-system of CA certificate, subscriber's certificates and key storage medium. The method of verification prior to issuance of same assurance level certificate is as per the IVG. Similarly, the content format and storage medium for all certificates issued by all Licensed CAs are as per Interoperability Guidelines for DSC and X.509 Certificate Policy for India PKI. There is no difference in the certificates of same class and type issued by different CAs. The price of the certificate may however vary from CA to CA.

      Whether all CAs have to mandatorily issue all classes of certificates?

      No. CAs can opt out of issuance of any class(es) of certificates at their discretion. CAs are not allowed to issue any classes of certificates to other than that specified in the India PKI CP and specifically allowed by CCA.