What's to prevent a Digiprove certificate from being forged?
Your certificate is digitally signed and time-stamped in the "p7s" file which is
sent to you by email. This signature can be verified by all modern operating
software such as Windows simply by double-clicking on the file. We use
proven high-strength digital signatures adhering to the latest industry standards.
To assure yourself that a given certificate is actually from Digiprove,
you can check that the signer is firstname.lastname@example.org, and that the certificate
is itself signed by VeriSign, which is recognised as a "root authority"
in all available operating systems. You can check this information yourself by
right-clicking the .P7s file and reviewing its properties.
You can also perform this verification online at
Digiprove Verify. Finally, you can perform this
validation offline on your own Windows PC by downloading the
Digiprove Validator program.
We keep an audit trail of all issued certificates and we publish the digital fingerprint
of that audit trail. The purpose of this is to provide proof to an independent
third party, if it were ever needed, that the Digiprove certificate was indeed issued
at the time and date specified, not in any way back-dated.
The net effect of all of this is that a back-dated Digiprove certificate simply
cannot be created.