We give BDOC signatures as of 2015

20.03.2020

We have been giving digital signatures in DDOC format since 2002 in Estonia. Since the end of 2013, users have been able to give digital signatures in BDOC format with the Digidoc client application by changing the settings of the application. From 2015, BDOC becomes the primary format of digital signature in Estonia.

The change is driven by technological advancements, which call for the use of stronger digital signatures in the future to ensure cryptographic security. With time, files in the DDOC format will lose their authenticity, as their security measures become outdated and can be compromised at some point. This, in turn, means that the authenticity of such signatures will become uncertain. It is therefore not possible to store the signature for long periods in its current format.

In practice, this means that the default signature format for all users of the Digidoc client application will be BDOC. DDOC signatures can be given in the future as well. According to the current schedule, the option of giving DDOC signatures is planned to be closed in the Digidoc client application at the beginning of 2016. All this is relevant to the everyday user who uses the Digidoc client application for digital signing. The most important consideration for an everyday user is that files in the BDOC format cannot be opened on a computer with ID software older than version 3.8. When this happens, new software should be downloaded from the website https://installer.id.ee. Not much else will change for a user, as the signing procedure will remain the same.

Version 3.10 of the DigiDoc3 client application will be published by March 2015 at the latest with BDOC as the default signing format, i.e. all new digitally signed documents will automatically be BDOC files. The DDOC option will be retained as a choice in the settings. Existing DDOC files will still be signed in the DDOC format and BDOC files in the BDOC format. The option of giving DDOC signatures in the Digidoc client application will be removed by 2016 at the latest.

Changes to information systems and services are managed by their owners. It is therefore up to the system administrators to decide when and according to which schedule to transfer the system to BDOC. We advise adding support for the BDOC format at the earliest opportunity and ending the creation of new DDOC files by the beginning of 2016 at the latest. System developers and service providers have digidoc libraries (C++ and Java language applications) which support BDOC signatures. Organisations need to map all their information systems that create and process digitally signed files. These systems need to be updated so that they open and validate documents in BDOC format without errors. A majority of organisations have already started the transition. Materials necessary for development are available at https://www.id.ee/?lang=en&id=35779.

If these changes are not made, information systems might not recognise the files as digitally signed. The information systems will process them as regular data files, and the BDOC files will need to be downloaded to a computer to check the signatures. Checking documents might therefore take more time than usual during the transition period. Additionally, ID software version 3.8 or newer needs to be installed on the computers of organisations, as otherwise it is not possible to open downloaded BDOC documents.

In 2015, mobile service operators will start releasing new Mobile-ID SIM cards, which use a new cryptographic algorithm. As the current DDOC format does not support this new technology, it is impossible to sign in DDOC format with the new Mobile-ID. AS Sertifitseerimiskeskus will make a relevant change in the Mobile-ID core service (https://www.id.ee/index.php?id=36458) to ensure that Mobile-ID also allows DDOC signatures. The date of introducing the new SIM cards differs across mobile operators, but based on applications received by the Republic of Estonia Information System Authority, EMT, Elisa and Tele2 should be ready for it by the end of the first quarter of 2015.

The Information System Authority plans to develop a service for validating historic, as well as less widespread, types of digital signatures. For this, we have applied for funds from the European Regional Development Fund. The decisions on funding applications will presumably be made in late January or February. We can further discuss the completion date of the service once preliminary procurement procedures have been concluded.

 

Merje Kaasan, Riigi Infosüsteemi Amet (Information System Authority), service manager