News

Developer newsletter #8

19.06.2015

This is the latest Sertifitseerimiskeskus developer newsletter containing important information about changes in signing in Chrome and a fresh study on encryption algorithms. In addition, you are invited to test signing with the ID-cards of neighbouring countries.

Changes in the Chrome web browser

Changes in Chrome web browser require updates in all e-services
While Chrome web browser partially disabled support for NPAPI based digital signing plug-ins in April, Google will remove the override in August. From version 45, it will also not be possible to switch in NPAPI support manually. This means that all e-service providers must make updates in their information system; otherwise, digital signing with an ID-card via the Chrome web browser will not be possible in your e-services. Click here for instructions.

Important information for developers

It is the last moment to implement transition to BDOC file format
By 2016, support for DDOC format in the DigiDoc3 client for signing files and adding signatures will be disabled. It will only be possible to verify signatures. If you have not yet implemented a transition to the BDOC format, it is the very last moment to plan the deployment of the BDOC format! You can choose a suitable solution for transition to a new format from here.

Support for Windows XP in ID-software has been disabled
Effective from 1st of June, the ID-software is no longer available for users of Windows XP. Every ID-software version has a fixed lifetime on when and in which operating systems it is supported.

Important information for users of IIS 7 web server
Users of the IIS 7.x web server are notified that version 3.10 of the ID-software has been changed in a way that may cause authentication with the ID-card in your e-services to fail. Instructions for changing the server setup are available here.

Support for RC4 algorithm to be disabled in connecting to DigiDocService
In connection with weaknesses in the RC4 encryption algorithm, Sertifitseerimiskeskus will disable support for RC4 in the TLS connection of the DigiDocService web service from September 2015. Read more on how to test.

News

Abolish 1024-bit keys!
Commissioned by Information System Authority (RIA), a new study has been completed on the lifecycle of encryption algorithms. According to Toomas Vaks, Deputy Director-General of RIA, it is important to abolish 1024-bit keys as soon as possible everywhere. For the next five years, 2048-bit keys and, in the long-term, 3072-bit keys at a minimum should be used. The study is available here.

SK updated the service for issuing SSL certificates
Sertifitseerimiskeskus has issued a new intermediate certificate KLASS3-SK 2010 that has a more robust hash algorithm. If the SSL server certificate that you acquired from Sertifitseerimiskeskus is valid for longer than 31 December 2014, you need to start using the new intermediate certification in your server immediately. For more information click here.

Support for neighbouring countries in the DigiDoc3 client
The DigiDoc3 client now enables people to verify digital signatures given by Lithuanian Mobile-ID or Latvian, Lithuanian or Finnish ID-cards and to use these cards for signing. For more information click here.

 

Sertifitseerimiskeskus


ASK FOR HELP

If you didn't find an answer to your question, send it to our team.



  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance

         

  • Verification failed

How can we improve the article and be more helpful?
Send Close