Circular No. 04/2019/TT-BTTTT dated July 05, 2019 of the Ministry of Information and Communications on prescribing the connection between the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority

CIRCULAR

Prescribing the connection between the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority^[1]

Pursuant to the November 29, 2005 Law on E-Transactions;

Pursuant to the Government’s Decree No. 130/2018/ND-CP of September 27, 2018, detailing the Law on E-Transactions regarding digital signatures and digital signature certification services;

Pursuant to the Government’s Decree No. 17/2017/ND-CP of February 17, 2017, defining the functions, tasks, powers and organizational structure of the Ministry of Information and Communications;

At the proposal of the Director of the National Electronic Authentication Center,

The Minister of Information and Communications promulgates the Circular prescribes the connection between the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority.

Article 1.Scope of regulation

This Circular prescribes the connection between the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority.

Article 2.Subjects of application

This Circular applies to the following individuals and organizations:

1. The National Digital Signature Certification Authority;

2. The Government’s specialized digital signature certification authority;

3. Public digital signature certification authorities;

4. Agencies, organizations and individuals using public digital signatures and Government’s specialized digital signatures;

5. Agencies, organizations and individuals developing digital signature use applications.

Article 3.Interpretation of terms

In this Circular, the terms below are construed as follows:

1. “Original digital certificate of the National Digital Signature Certification Authority” means the digital certificate issued by the National Digital Signature Certification Authority for itself.

2. “Original digital certificate of the Government’s specialized digital signature certification authority” means the digital certificate issued by the Government’s specialized digital signature certification authority for itself.

3. “Public digital certificate” means a digital certificate issued by a public digital signature certification authority for a subscriber.

4. “Government’s specialized digital certificate” means a digital certificate issued by the Government’s specialized digital signature certification authority for a subscriber.

5. “SHA-1 digital certificate” means a digital certificate using Secure Hash Algorithm 1 in its digital certificate signing algorithm.

6. “SHA-356 digital certificate” means a digital certificate using Secure Hash Algorithm 256 in its digital certificate signing algorithm.

7. “Public digital signature” means a digital signature created with the use of a private key corresponding to a public key shown in the public digital certificate.

8. “Government’s specialized digital signature” means a digital signature created with the use of a private key corresponding to a public key shown in the Government’s specialized digital certificate.

9. “Mutual recognition model” means a connection model between the two digital signature certification authorities, in which agencies, organizations and individuals using digital certificates issued by a digital signature certification authority may trust original digital certificates of the other authority andvice versa.

Article 4.Connection model

The connection model between the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority is the mutual recognition model.

Reliable original digital certificates of the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority are specified in Article 5 of this Circular.

Article 5.List of reliable original digital certificates

1. The list of reliable original digital certificates includes:

a/ Original digital certificates of the National Digital Signature Certification Authority;

b/ Original digital certificates of the Government’s specialized digital signature certification authority.

2. The list of reliable original digital certificates prescribed in Clause 1 of this Article is provided in Appendix I to this Circular.

Article 6.Information fields in digital certificates of subscribers

1. Information fields in public and Government’s specialized digital certificates must comply with the provisions on format and contents of information fields in digital certificates of subscribers in Appendix II to this Circular.

2. Information fields in public digital certificates not specified in Appendix II to this Circular must comply with the Ministry of Information and Communications’ regulations on public digital certificate formats.

3. Information fields in Government’s specialized digital certificates not specified in Appendix II to this Circular must comply with the Government Cipher Committee’s guidance on Government’s specialized digital certificate formats.

Article 7.Functions of digital signing and checking of validation status of digital certificates or digital signatures of digital signature use applications

1. Regarding the digital signing function: Applications must allow signers who are subscribers of public or Government’s specialized digital signature certification authorities to perform digital signing.

2. Regarding the function of checking of validation status of digital certificates or digital signatures: Applications must allow signers and receivers to check validation status of public digital certificates and signatures, and validation status of Government’s specialized digital certificates and signatures in accordance with Articles 78 and 79 of the Government’s Decree No. 130/2018/ND-CP of September 27, 2018, detailing the Law on E-Transactions regarding digital signatures and digital signature certification services.

Article 8.Organization of implementation

1. The National Electronic Authentication Center (the National Digital Signature Certification Authority) shall:

a/ Assume the prime responsibility for, and coordinate with the Government’s specialized digital signature certification authority in, guiding the implementation of the regulations on information fields in digital certificates of subscribers; and ensuring accurate and secured exchange of reliable original digital certificates of the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority;

b/ Publicize the list of reliable original digital certificates of the National Digital Signature Certification Authority on the website http://www.rootca.gov.vn;

c/ Annually review and propose the Ministry of Information and Communications to update and promulgate the list of reliable original digital certificates upon changes in original digital certificates of the National Digital Signature Certification Authority and the Government’s specialized digital signature certification authority.

2. The Government’s specialized digital signature certification authority shall:

a/ Comply with the guidance on information fields in the Government’s specialized digital certificates;

b/ Publicize the list of reliable original digital certificates of the Government’s specialized digital signature certification authority on the website http://ca.gov.vn.

3. Public digital signature certification authorities shall implement the regulations on information fields in public digital certificates.

4. Agencies, organizations and individuals developing digital signature use applications shall implement the regulations on the functions of digital signing and checking of validation status of digital certificates or digital signatures prescribed in Article 7 of this Circular.

Article 9.Transitional provisions

Subscribers’ digital certificates issued before the effective date of this Circular may continue to be used until they cease to be effective or are proactively converted to comply with the provisions on information fields in digital certificates of subscribers of Article 6 of this Circular.

Article 10.Implementation provisions

1. This Circular takes effect on September 1, 2019.

2. Chief of the Office and Director of the National Electronic Authentication Center, head of the Government’s specialized digital signature certification authority, heads of agencies and units attached to the Ministry of Information and Communications, and related organizations and individuals shall implement this Circular.

3. Any problems arising in the course of implementation should be promptly reported to the Ministry of Information and Communications for consideration and settlement.-

Minister of Information and Communications
NGUYEN MANH HUNG

* All Appendices to this Circular are not translated.