IdenTrust provides individually issued digital identity credentials in compliance with the DoD’s External Certification Authority (ECA) Program. ECA certificates can be used to:

  • Establish identity when accessing a protected site, meeting the requirements of NIST SP 800-171;
  • Legally “sign” a document, form or application; and
  • Encrypt messages (email) or documents (such as Adobe PDF) to ensure confidentiality.

If you are a government contractor or sub-contractor and need to meet requirements of the DoD, an ECA certificate is the best choice for you.

ECA Medium Token Assurance certificates are hardware-based and are stored on a FIPS 140-2 Level 2 or higher cryptographic device (either a smart card or a USB Token which is obtained from IdenTrust when purchasing an ECA digital certificate). This ECA certificate is “portable” meaning that it can be used on any computer where the utilities drivers have been installed. This ECA certificate can be purchased with a validity period of 1, 2 or 3 years.

ECA certificates are available via a self-service model in which you order your ECA Medium Token Assurance certificate directly from the IdenTrust website. As a part of the ordering process, you will need to have your identity vetted by a notary or Trusted Correspondent at your organization. (IdenTrust can provide your organization with further information on what is necessary to have an on-site Trusted Correspondent.)

You may purchase your ECA Medium Token Assurance certificate here:

See the bottom of this web page for Hardware Options and Pricing.

Step-by-Step Process

*Hardware certificates must be retrieved using Internet Explorer. Once retrieved, you may use your hardware certificate with any application that supports standard x.509 certificates.

Hardware Options and Pricing

As part of the on-line registration process for hardware certificates, IdenTrust provides an option to select hardware. All hardware offered by IdenTrust in conjunction with Certificates is validated to FIPS 140-2 Level 2 or higher for cryptographic functions. Tokens and smart cards do no expire and may be used for an unlimited number of certificate renewals. Following are hardware options and pricing:


USB Token


Smart Card


Smart Card plus USB Card Reader

Hardware (Smart Cards or USB Tokens) may be purchased with Certificates as part of the purchase process. Purchase of hardware includes a one-time license for middleware and drivers necessary for the hardware to function.