
Developer newsletter #5

23.04.2014

The newsletter is distributed by email and is also made available as a news article on the id.ee website.


Information system development work to implement BDOC support should be planned by the second half of this year at the latest. Restrictions on signing in DDOC format will be applied in the middle of 2015. The BDOC 2.1 format transition schedule can be found here.

  • JDigiDoc library version 3.8.1 has been released. It adds support for the BDOC 2.1 format and includes some important security fixes compared to version 3.7.x. For security reasons it is always important to use the latest library version. The new library and the full list of changes can be found here.
  • ID-software version 3.8 now also contains the multiplatform Libdigidocpp C++ library, which supports the BDOC 2.1 format. This library is intended to help developers and integrators with new development in C++ and C environments and with migrating from the C and Windows COM libraries (more information).
  • DigiDocService web service now supports Mobile-ID signing in BDOC 2.1 format. DigiDocService release notes can be found here.
  • Starting from 2015 the Mobile-ID certificates will contain elliptic curve (ECC) keys, and digital signing with these certificates is only possible in BDOC format. By using the Mobile-ID test number, e-service providers can confirm during authentication whether their systems are compatible with ECC crypto algorithms. Mobile-ID test numbers can be found here.
  • The opinion poll organized by the Estonian Centre for Standardisation regarding the standard prEVS 821 "BDOC. Digitaalallkirja vorming" continues in April (more information). The standard is based on the BDOC 2.1 specification, which is also the basis for documents created in BDOC 2.1 format by ID-software. To read and give feedback on the standard's draft, please write to lauri at evs dot ee.
Important changes and improvements to ID-software that require attention and changes to information systems. 
  • Starting from ID-software (both libraries and end-user software) version 3.8 and DigiDocService web service version 3.5.1, the validation principles for digitally signed documents have changed so that some container format errors can be regarded as warnings. A document with a warning is legally valid, but changes to the document (adding and removing signatures) can be restricted from ID-software version 3.7.0. Information regarding the display of warnings in the DigiDoc3 client can be found here. To display warnings when using the DigiDoc libraries and DigiDocService, changes must be made to the software client layer (more information).
  • There will be significant changes to digital signing in web browsers using the ID-card. The changes are necessary because NPAPI plugin support will be completely removed from Chrome by the end of 2014 (more information). In the near future there will be a release of a new digital signing module for Chrome browsers under Linux, as well as important changes to the JavaScript library (more information) that simplifies digital signing on the web.
Announcements from Sertifitseerimiskeskus
  • Sertifitseerimiskeskus has routed all e-services to a completely renewed DigiDocService platform. The new platform enables Lithuanian Mobile-ID users to access e-services in addition to Estonians. It is also possible to ask the service for certificate validity information for Lithuanian, Finnish and Latvian ID-cards. All changes and improvements can be found here.
  • Information required for testing SK services can now be found here. The openxades.org website has been closed and all the information has been migrated to the id.ee website "Develop services" section. 
  • In a couple of months Sertifitseerimiskeskus will start issuing organizational certificates from a new certificate chain (more information). Also, instead of SHA-1, the new organizational certificates will use the newer SHA-256 hashing algorithm (more information), and certificates will only be issued for 2048-bit RSA keys. The SSL server certificate (previously web server certificate) will include an Authority Information Access extension containing a public OCSP service URL that gives validity information only for SSL server certificates. In the near future the SHA-256 hashing algorithm will also be used in Digi-ID, Mobile-ID and ID-card certificates.
  • The validity period of newly issued Mobile-ID certificates shall be limited starting from 01.05.2014 (more information).
Published studies and ID-software information day materials
  • Presentation slides for the ID-card information day that took place on 12.03.2014 can be found here. The information day gave an overview of the trends in cryptoalgorithm security, threats and security measures and their implementation.
  • An RIA-sponsored study (end of 2013) on how to anticipate cryptography-related vulnerabilities can be found here.
  • Arnis Paršovs's interesting research paper (examples based on Estonia) about the practical security and usability of authentication based on TLS client certificates can be found here.
 
AS Sertifitseerimiskeskus
