Next steps in developing digital signature
Over 150 million digital signatures have been given in a little more than 12 years together. We thank you for your contribution to the development of e-Estonia. We definitely hope to continue our successful cooperation.
As security is ever important, we are taking a step forward and, by working with you, wish that digital signatures will be in BDOC format from 1 January 2015. The BDOC format has been developed according to Estonia’s vision to unify digital signatures given in the European Union. Transition is a common development for a format, and BDOC uses more modern crypto algorithms. We suggest to plan developments for BDOC support implementation in information systems by the second half of this year the latest.
BDOC enables the verification of a signature through means compatible with the international ETSI standard, which means that signatures are internationally accepted. Our goal is to achieve uniformity of formats, common use and digital signatures that are unambiguously comprehensible across borders.
The support for BDOC already exists in SK’s services (DigiDocService, DigiDoc portal) and DigiDoc libraries. Soon we will publish a new version of digital stamping software TempelPlus, which also creates signatures in the BDOC format. In the ID-software version published at the end of the year, the format for signatures will be BDOC by default. The transition means that .ddoc files will remain readable, but new signatures will be given in the BDOC format.
From 2015 onwards, we are increasing the security of Mobile-ID, going from the current RSA1024 key length to the use of elliptic curve cryptography (ECC). With the use of elliptic curves in Mobile-ID certificates, signing will only be supported in the BDOC format. When using the Mobile-ID test number even today, you can verify the conformity of the system with the crypto algorithms of ECC.
In the autumn, a new version of the ID-card chip application will be adopted. The changes necessary for the adoption of cards with the new chip application generally involve services and applications that directly communicate with the card (such as access systems, card reading terminals and others). To test the services, you can order test cards from SK.
Our goal is to offer you complete solutions. To this end, we are adding a time stamping service to SK’s product portfolio. The service uses public key infrastructure (PKI) and a trustworthy time source determination that ensures a secure and internationally recognised RFC 3161 standard based service.
Please book 6 November on your calendar for the SK’s Annual Conference where we will talk about these and other exciting topics.