05 — ICP-Brasil
Technical implementation of the Brazilian Public Key Infrastructure. Topology, accredited CAs, certificate types, issuance flows, signature profiles (DOC-ICP-15).
Legal basis:
03-legislation/01-brazil-mp-2200-2.kmd+03-legislation/02-brazil-law-14063.kmd.
Chapters
| File | Topic | Status |
|---|---|---|
01-architecture.kmd |
Root CA (ITI), level 1 and 2 CAs, RAs, TSAs, BCAs | seed |
02-tipos-de-certificado.kmd |
A1A3A4S1S3S4T3/T4 — full table, validity periods, policy OIDs | planned |
03-e-cpf-e-cnpj.kmd |
e-CPF, e-CNPJ, NF-e — canonical DNs, Brazil-specific OIDs | planned |
04-emissao-remota.kmd |
Remote A1 via videoconference (Resolution 187/2024); RFB; biometrics; pitfalls | planned |
05-doc-icp-15.kmd |
ICP-Brasil signature profiles: AD-RB, AD-RT, AD-RV, AD-RC, AD-RA. Mapping to PAdESXAdESCAdES baselines | planned |
06-acs-credenciadas.kmd |
Catalog of operating CAs (Soluti, Certisign, Serasa Experian, AC Caixa, Serpro, Bry, Birdid, …) and their specialties | planned |
07-bibliotecas-e-sdks.kmd |
iText, BryToolbox, Lacuna RestPKI, DSS, ICP-Brasil mobile signer; cost/license tradeoffs | planned |
How these chapters compose in practice
Citizen / company
│
▼
RA (Registration Authority) ← in-person / videoconference identification
│
│ issues request
▼
Level 2 CA (e.g. AC Soluti) ← signs the holder's cert
│
▼
Level 1 CA (e.g. AC Soluti Raiz)
│
▼
ITI (ICP-Brasil Root CA) ← signs the entire chainTSAs = Time Stamping Authorities (ICP-Brasil timestamping, RFC 3161 with Brazilian profile).
BCAs = Biometric Certification Authorities (DOC-ICP-13).
Cross-references
03-legislation/01-brazil-mp-2200-2.kmd— legal framework02-standards/— technical formats (X.509, CMS, PAdES, XAdES)08-timestamping/— RFC 3161 protocol (basis of ICP timestamps)