News

An ID card software update brings several significant changes

27.06.2017

The main improvement is an application that allows adding timestamps to digitally signed documents in DDOC format to prevent counterfeiting.

During this week, users will see a notification on their computer screen that allows downloading the DigiDoc3 update. By clicking on it, the software will go through the necessary procedures and the user does not have to do anything else.

‘Two major changes to the software deserve attention. First, the stamping application (TeRa) allows adding timestamps to documents that have already been digitally signed. The first digital signatures from 15 years ago were based on a hash algorithm (SHA-1), which may become less secure over time. In order to rule out the possibility of documents being falsified, it would be wise to timestamp them,’ explained Margus Arm, the Head of the eID field at the Information System Authority.

All previous signatures will remain valid but they will be less secure. ‘Later disputes over the authenticity of signed documents in DDOC format that have not been timestamped could lead to major time and money expenditure,’ Arm explained.

Paavo Peterson, the Team Manager of CGI Estonia, the company that developed the TeRa application, added that everyday experience shows that cyber security and related issues are becoming more and more relevant in time and it is positive that the ID card software is being updated consistently, prudently, and with the security of the software users in mind.

Timestamping documents is easy and quick. The application must be run on the computer and it will find any aging digital signatures and move them to a new, cryptographically secure container. All old files will remain in their initial place, and new ASIC-S files, which can be opened with the DigiDoc3 application, will be created. DDOC files should be timestamped by July next year.

The second major update is the distinction of e-signatures. ‘The main thing to consider is the difference between a digital signature and the Smart-ID e-signature. The first is the so-called e-signature of the highest level, which is comparative to a person’s handwritten signature and is recognised everywhere and in all operations. The Smart-ID e-signature, however, is currently subject to some restrictions and cannot be used in operations with the state that require a handwritten signature. The DigiDoc3 application displays a Smart-ID e-signature as valid but also shows a yellow warning that there are certain limitations for accepting the e-signature. The user must make sure whether this e-signature is suitable for this operation or whether the document must be signed with a digital signature, i.e. with an ID card or mobile-ID,’ said Margus Arm.

More information about the update is available on the website https://www.id.ee/en or on the blog of the Information System Authority at https://blog.ria.ee/id-kaardi-tarkvara-uueneb/ (in Estonian).


ASK FOR HELP

If you didn't find an answer to your question, send it to our team.



  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance

         

  • Verification failed

How can we improve the article and be more helpful?
Send Close