LuxTrust: digital trust on a national scale

Created in 2005, LuxTrust delivers and manages the digital identities of Luxembourg citizens and companies and enables them to carry out all their online procedures in complete security. This trusted certification authority and service provider provides a wide range of solutions enabling organisations to digitise their processes in compliance with the latest European standards. 

Through a LuxTrust device or your Luxembourg identity card, you have an electronic identity, mainly in the form of two certificates. The first is an authentication certificate. Thanks to this certificate, you can access any secure web portal on which you are registered, be it online services offered by your bank, your insurance company's platform, government applications (eGov) via MyGuichet or the national agency of shared health information (results of your analyses, history of your medical record, etc.). This connection, which guarantees to your correspondent (the application provider) that it is you and not another person trying to impersonate you, is based on the principle of strong authentication. Also known as multi-factor authentication, it uses at least two of the following to recognize you: what you know (the password, code, passphrase), what you have (the one-time password generation device), who you are (the fingerprint or retinal fingerprint) and what you do (the name of the site, the amount, the type of action).

The second certificate is a digital signature certificate. It allows you to sign electronically documents and online transactions with the same legal value as a handwritten signature. The digital signature can be applied to anything that requires a signature or official stamp: from signing a quotation for work to renovate your home to order confirmations, non-disclosure agreements (NDAs), contracts and accident reports. This certificate is not yet issued by all LuxTrust registrars.

You can choose between two options: either the Luxembourg identity card or LuxTrust products. Since 1 July 2014, Luxembourg identity cards (eID) have been equipped with an electronic chip. This contains LuxTrust authentication and digital signature certificates. You can request their activation free of charge when you apply for the card. However, you will need to equip yourself with a compatible[1] contactless card reader and download software (called middleware) to your computer[2] in order to use them.

Until recently, there were three main LuxTrust devices: the Token, an electronic device the size of a key ring, generating and displaying a code that can only be used once (the One Time Password or OTP); the Smart Card, to be used in combination with an ad hoc reader; and the Signing Stick, a USB drive equipped with a digital signature chip. These three devices have since been joined by two new LuxTrust products: LuxTrust Scan, a unit with an LCD screen and an integrated camera used to scan QR codes to generate an OTP, and the LuxTrust Mobile application.

Whichever device you choose, you must be identified by a LuxTrust registrar. There are two possible scenarios: either you are identified by your bank when you subscribe to the e-banking service (most banks offer you the device and certificate free of charge);or you order a payable device (and certificate) via the LuxTrust website.

[1] Readers are on sale at the Identity Card Service of the Centre des technologies de l'information de l'État (CTIE), 11 rue Notre-Dame in Luxembourg City, as well as in the municipalities participating in the operation.

[2] This software can be downloaded at the following address https://www.luxtrust.com/en/middleware

10/2020