GRCA(Government Root Certification Authority)
Operating in accordance with High Assurance Level defined in the Certificate Policy of Government Public Key Infrastructure, Taiwan's Government Root Certification Authority (GRCA) is the highest Certification Authority in the hierarchical structure of Government Public Key Infrastructure. Acting as the interface between CAs within and without Government PKI, GRCA is responsible for carrying out cross-certification: issuing and managing the certificates of Level 1 subordinate CAs' within GPKI as well as the certificates of CAs from without. RDEC has delegated CHTD (via fully outsourcing) to carry out the operation and maintenance of GRCA.
Providing service 7/24, the repository of GRCA is where information, such as certificates issued by GRCA and CARL (Certification Authority Revocation List), is posted.
CAs, including principal CAs within and any CAs without Government PKI , that interoperate with GRCA through cross-certification are referred as interoperating CAs. To get grant from GRCA for cross-certification, the applicant CA must comply with the requirements of the Assurance level defined in the cited Certificate Policy. Additionally, the applicant CA must have the capabilities to establish and manage the following aspects:
(1) Public Key Infrastructure;
(2) digital signatures and certificate issuing technology;
(3) the corresponding responsibilities and obligations among CA, RA, and the relying party.
Relying Parties are the entities that rely on the validity of the binding of the Subscriber's name to a public key. The Relying Party is responsible for deciding whether or how to check the validity of the certificate by checking the appropriate certificate status information. The Relying Party can use the certificate to (1) verify the integrity of a digitally signed message, (2) to identify the creator of a message, or (3) to establish confidential communications with the holder of the certificate.
Certification Practice Statement
The Government Root Certification Authority Certification Practice Statement is stipulated following Certificate Policy for the Government Public Key Infrastructure. Complying with the bylaw of Taiwan Digital Signature Bill, the GRCA CPS delineates how GRCA proceeds according to the Fourth Assurance Level (High) to issue and manage the cross-certificates of participating CAs.