Transition to BDOC File Format for Digital Signature
Letter from Jaan Priisalu, Director General of the Estonian Information System Authority, regarding the transition to the BDOC file format for digital signatures.
Dear Partners!
Estonia has started the gradual process of transition to BDOC file format for digital signature. We have been using the well-known DDOC digital signature format for a dozen years and it has served us well. Now, however, the world and the development of e-State is about to reach the point where Estonia was ten years ago, and we need a format for the digital signature that would comply with international standards and be even safer than DDOC.
BDOC is based on standards that all member states of the European Union will have to accept in the near future. This means that should you need to sign a document for an authority or a partner in another EU state, you can use the same BDOC file we are using domestically. Even if you don’t feel the need for such a digital signature today, commonly accepted formats for digital signature will enable the creation of a better common European market in the future. This means that anyone can, for example, sign an employment contract digitally or use the e-services of other countries.
From the new year, the preferred default signing software standard in Estonia will be BDOC. Support for this file format was added to eID software in 2013. Starting from January 2015, the client applications of ID-software will start using the BDOC file format automatically. DDOC will be preserved as an option, but only for the transition period, which will last until mid-2015.
With Mobile-ID issued from January 2015, signatures can be given only in the BDOC format. These MIDs are based on a technology of elliptic curves which has a security lifetime many times longer than the solution used so far. The DDOC signature format does not support elliptic curves, which means that files signed with the DDOC format cannot be signed with the new MID using the DDOC format.
I hope the transition will be smooth, and this requires that support for BDOC should be added to important information systems in Estonia during the second half of this year at the latest. This in turn requires thorough thinking and contributing, therefore I am asking all participants in this process for feedback. Please think through which systems/components in your institution and your services use digital signing and/or signature validity verification, and what expenses should be planned for implementing the changes.
These are the places that require updating with new software, so that the system would recognise a digital signature in the BDOC format as well. The task for the next half-year is to guarantee implementation of BDOC in all Estonian e-services. It is also important to think about the future – what will happen to the present DDOC signatures, i.e. how long do you plan to support two formats in parallel, and have you also thought about archiving, to ensure the integrity of signatures in the future as well, when the tools of criminals may be good enough to conquer the integrity of today’s signatures?
If the changes are not done in time, the automatic validity verification and/or displaying of digital signatures will become a manual job in your institution.
Please send your feedback and questions to the address: pki@ria.ee
Hoping to keep up the good cooperation and to manage the transition smoothly,
Jaan Priisalu
Director General of Estonian Information System Authority