05 — ICP-Brasil

seed

Technical implementation of the Brazilian Public Key Infrastructure. Topology, accredited CAs, certificate types, issuance flows, signature profiles (DOC-ICP-15).

Legal basis: 03-legislation/01-brazil-mp-2200-2.kmd + 03-legislation/02-brazil-law-14063.kmd.

Chapters

File Topic Status
01-architecture.kmd Root CA (ITI), level 1 and 2 CAs, RAs, TSAs, BCAs seed
02-tipos-de-certificado.kmd A1A3A4S1S3S4T3/T4 — full table, validity periods, policy OIDs planned
03-e-cpf-e-cnpj.kmd e-CPF, e-CNPJ, NF-e — canonical DNs, Brazil-specific OIDs planned
04-emissao-remota.kmd Remote A1 via videoconference (Resolution 187/2024); RFB; biometrics; pitfalls planned
05-doc-icp-15.kmd ICP-Brasil signature profiles: AD-RB, AD-RT, AD-RV, AD-RC, AD-RA. Mapping to PAdESXAdESCAdES baselines planned
06-acs-credenciadas.kmd Catalog of operating CAs (Soluti, Certisign, Serasa Experian, AC Caixa, Serpro, Bry, Birdid, …) and their specialties planned
07-bibliotecas-e-sdks.kmd iText, BryToolbox, Lacuna RestPKI, DSS, ICP-Brasil mobile signer; cost/license tradeoffs planned

How these chapters compose in practice

Citizen / company
       │
       ▼
   RA (Registration Authority)        ← in-person / videoconference identification
       │
       │  issues request
       ▼
   Level 2 CA (e.g. AC Soluti)        ← signs the holder's cert
       │
       ▼
   Level 1 CA (e.g. AC Soluti Raiz)
       │
       ▼
   ITI (ICP-Brasil Root CA)           ← signs the entire chain

TSAs = Time Stamping Authorities (ICP-Brasil timestamping, RFC 3161 with Brazilian profile).

BCAs = Biometric Certification Authorities (DOC-ICP-13).

Cross-references

  • 03-legislation/01-brazil-mp-2200-2.kmd — legal framework
  • 02-standards/ — technical formats (X.509, CMS, PAdES, XAdES)
  • 08-timestamping/ — RFC 3161 protocol (basis of ICP timestamps)