The body in charge of issuance and custody of users' centralised digital certificates for the Cl@ve System will be, within the limits of their competences, the Directorate General for Police (DGP), pursuant to Organic Law 2/1986, of 13 March, on State Security Forces and Royal Decree 1553/2005, of 23 December, on the issuance of the National Identity Document and its electronic signature certificates.
To carry out these relevant functions, the DGP uses the Public Key Infrastructure corresponding to the current DNI.
The DGP, within the extent of its competencies, acts as trust and confidence service provider pursuant to Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust and confidence services for electronic transactions in the internal market and repealing Directive 1999/93/EC, in line with the principles of safety, integrity, confidentiality, authenticity and non-repudiation set forth by Law 59/2003 of 19 December on Electronic Signature and Law 11/2007 of 22 June on Electronic Access by Citizens to Public Services.
The issuance of a centralised signature certificate to the citizen may be carried out by means of two procedures: An automated procedure, carried out when signing for the firs time and a manual one, in which the holder may request on a voluntary basis issuance of the certificate.
In any case, the system will inform the citizen of the fact that the certificate is about to be issued and at that time will request them the generation of their keys.
Signature-creation data must observe the following guarantees:
In practice, they will only appear once.
Reasonable security that the data for creating a signature cannot be found by deduction.
the signature must be protected by means of a security system designed against forgery by applying the technology available at that time.
The legitimate signatory must be able to protect his/her signature creation data to avoid it being used by others.
the data to be signed cannot be modified and must be shown to the signatory before signing.
In any case, generation of certificates must be done in accordance with the requisites set by the law regarding maximum periods of time allowed from the moment when the citizen registered in person.
The IT Division of the Social Security (GISS) shall act as service provider with centralised digital certificate; for that purpose, it must have a backup of the information stored and managed by the DGP required for signature.
On the first screen we may choose the password:
Then we will complete issuance of the centralised signature certificate by writing it on the following section: