Identity Certificate(s): A certificate primarily issued to individuals. This type of certificate asserts the digital signature and non-repudiation and is primarily used to identify the subscriber to information systems. This certificate can be used to digitally sign e-mail and other documents.

Encryption Certificate(s): A certificate used to establish session keys for encrypted communication. These certificates can be used for encrypting information. This type of certificate asserts encryption and does not assert digital signing or non-repudiation. They contain e-mail addresses to facilitate their use in encrypting e-mail messages. The private keys associated with encryption certificates are escrowed.

Component Certificate(s): A certificate issued to devices such as web servers or routers for limiting access or securing communications. These certificates are issued to web servers and other information systems or infrastructure components to enable them to identify themselves to users or other components, and to enable establishment of encrypted communications between components or between users and components.

Code Signing (Mobile Code) Certificate(s): A certificate issued to digitally sign software obtained from remote systems and executed on a local system without explicit installation or execution by the recipient. These certificates are used to digitally sign executable code to ensure the authenticity and integrity of the code.


Certificate profiles for all ECA certificate types are provided in Section 10 of the ECA CP.