Estonia will soon implement stronger cryptography


On the first of February a new version of the ID card software will be released. With the new software, it will no longer be possible to issue SHA-1-based digital signatures.

Starting from software version 3.12, it will only be possible to issue digital signatures in the BDOC and ASiC-E formats. These formats rely on the stronger SHA-2 algorithms.

eID cardholders will still be able to work with previously-issued DDOC format signatures using the upgraded software, but they will no longer be able to issue new digital signatures in the DDOC format.

The upgraded software will also feature the ability to remotely install software and eID card certificate updates.

The ability to remotely install software updates is necessary to facilitate the move from SHA-1-based certificates to those based on the stronger SHA-2 algorithm, which will happen at a later date.

Specifically, the transition to stronger cryptography will occur after two conditions are met:

  1. A secure and dependable technical solution which can be remotely implemented is available.
  2. Large web service and information systems providers are ready to implement stronger cryptography.

Source: Information System Authority