Skip to main content
Table of contents

Securing message exchange

GOV.UK Verify uses encryption and signing so that federation members can trust message exchange is secure.

Encrypting and signing messages makes sure:

  • only the intended receiver can see the message
  • the receiver knows who sent the message
  • messages are not tampered with

As a service connecting to GOV.UK Verify, you must maintain separate pairs of private keys and self-signed certificates for your Verify Service Provider (VSP).

Find out more about:

Services that started connecting to GOV.UK Verify before January 2019 are also responsible for keeping Matching Service Adapter certificates up to date. If you’re running a custom service provider instead of the VSP, you must keep the service provider’s certificates up to date.

This page was last reviewed on 27 January 2020. It needs to be reviewed again on 27 January 2021 by the page owner #verify-tech-notifications .
This page was set to be reviewed before 27 January 2021 by the page owner #verify-tech-notifications. This might mean the content is out of date.