Principles of providing trust services

  • The trust service consisting in issuing a qualified certificate is provided by Enigma Systemy Ochrony Informacji Sp. z o.o., (hereinafter referred to as “Enigma”), under the CenCert brand.
  • The service is provided under Regulation (EU) No. 910/2014 of the European Parliament and of the Council (eIDAS) and the Act of 5 September 2016 on trust services and electronic identification.
  • A qualified certificate issued by Enigma is used to create and verify qualified electronic signatures.
  • The rules for using a qualified certificate, including the rights and obligations of Enigma and Subscriber, are set out in the Policy for qualified trust services. In particular, section 9.8 of the Policy sets out the limits of CenCert’s liability.
  • A qualified electronic signature has legal effect equivalent to a handwritten signature (eIDAS Article 25.2).
  • A qualified electronic signature based on a qualified certificate issued in one Member State is recognised as a qualified electronic signature in all other Member States (eIDAS Article 25.3).
  • The electronic card with a qualified certificate may be used only by the Subscriber whose data have been entered in the certificate. The use of someone else’s card to affix electronic signatures is a criminal act (Article 40.1 of the Trust Services Act).
  • The subscriber may revoke his certificate at any time. If the data of the company/institution are also entered in the certificate, the certificate may also be revoked by that company/institution. Details on the certificate revocation procedure are available on the CenCert website. According to the eIDAS Regulation, CenCert is obliged to revoke the certificate no later than 24 hours after receiving a valid application.
  • The Subscriber should revoke its certificate in each case when the security of the certificate or the related keys stored on the processor card is at risk (e.g. when it has lost the card or when an unauthorised person has access to the card).
  • The certified electronic card is secured with a PIN and PUK code assigned by the Subscriber himself. WE SUGGEST SAVING YOUR PIN/PUK CODES IN A SECURE PLACE. After entering the wrong PIN code three times, the PIN becomes blocked. The locked PIN can be unlocked and changed using the PUK code. After entering the wrong PUK code ten times, the card becomes permanently blocked. For security reasons, CenCert does not have access to your PIN and PUK codes. A blocked card is useless and such a defect is not covered by guarantee.
  • The Subscriber is obliged to check the data in the certificate before its first use. In case of erroneous data – is obliged to immediately contact CenCert in order to cancel the certificate and receive a new one with correct data.
  • Signing with a certificate containing false data is a criminal act.
  • A time stamp issued by a qualified trust service provider shall have the legal effect of a certified date within the meaning of the Civil Code.
  • When providing the time stamping service, CenCert shall not be liable for the tools used for time stamping on the part of the service subscriber, in particular, it shall not be liable for the correctness of calculation of the cryptographic digest from the time stamping data.
  • Complaints about CenCert’s activities and the activities of the Registration Points should be addressed to the Director of CenCert at biuro@cencert.pl or  biuro@enigma.pl.
  • CenCert distributes the following QSCD-certified processor cards according to eIDAS: IAS ECC v1.0.1 sur ID-One Cosmo v7.0.1-n : applet version 1121, masquée sur IDOne Cosmo V7.0.1-n (composant NXP) en configuration Standard dual, Standard or Basic dual
  • For the provision of seal services in server mode, CenCert uses the following QSCD-certified HSM devices according to eIDAS: nShield HSM family v11.72.02