Central Key Generation

You should submit report to us through the Compromised Key Reporting web page. We will verify the report and revoke the d-Cert (Server) in accordance with the procedures in the CPS within 24 hours.

The Central Key Generation Service is applicable to d-Cert (Personal), d-Cert (Organisational) and d-Cert (Encipherment) certificates.

HKCA generates the key pair (including the Private key and Public Key) of a d-Cert (Personal) / (Organisational) / (Encipherment) on behalf of the Subscriber and creates the corresponding d-Cert. The key generation and d-Cert creation process are performed in a trustworthy manner and environment within HKCA’s data centre, ensuring the integrity and confidentiality of the key pair and preventing any form of tampering. The generated key pair and d-Cert will be protected by a PIN and stored as a d-Cert file, which is delivered to the Subscriber exclusively through secure online channels. The Subscriber is required to open the d-Cert file using the PIN, which is distributed separately to ensure security.

A Private Key is said to be compromised if its value has been disclosed to an unauthorised person, or an unauthorised person has had access to it.

We strongly recommend that you submit request to revoke your certificate.