Securing message exchange
GOV.UK Verify uses encryption and signing so that federation members can trust that message exchange is secure.
Encrypting and signing messages makes sure:
- only the intended receiver can see the message
- the receiver knows who sent the message
- messages are not tampered with
As a service connecting to GOV.UK Verify, you must maintain separate pairs of private keys and self-signed certificates for your Verify Service Provider (VSP).
Services that started connecting to GOV.UK Verify before January 2019 are also responsible for keeping Matching Service Adapter certificates up to date. If you’re running a custom service provider instead of the VSP, you must keep the service provider’s certificates up to date.