Remote updating of Estonian ID card certificates begins today
Estonia starts the gradual roll-out of remote updates that will enable Estonian digital ID cards to make use of stronger cryptographic algorithms and conform to the highest security standards. Certificates will be updated remotely in several waves during the year.
The first wave of updates does not affect e-residents of Estonia but e-residents will receive updates in the course of the following months. Card owners will be personally notified about updates via an e-mail from the Police and Border Guard Board of Estonia.
To perform the update, card owners need to download the ID-software version 3.12.2 from installer.id.ee, install it on their computer, and follow the on-screen instructions. In the process of the update, cards will receive new certificates that are based on the SHA-2 algorithm, which is stronger than the previous algorithm.
During the first phase of the update, 155,000 cardholders can update their cards by upgrading their certificates. These cardholders have Estonian ID cards or residence cards that were issued between 2011 and 2014 and which only need the renewal of the certificates (compared to the subsequent cards which also need on-card software replacement).
If the ID card utility software does not prompt the cardholder to update, the update period for the cardholder’s card has not started yet. Updates should be available for every cardholder within the year.
Using the certificates based on the stronger cryptography will guarantee the security of Estonian ID-documents in the future.
The second phase of the update will start in April, when the Information System Authority will launch version 3.12.3 of the ID-software. This version will update cards’ software as well as their identification and signing certificates.
As of April, documents issued in 2015 will get new software and certificates. The number of such documents is 264,000. In the process of the update, cards issued in 2015 will receive new certificates based on the stronger SHA-2 algorithm.
If the remote update to the card fails, cardholders should call to the ID Support Centre or visit one of the Police and Boarder Guard Board service points. If the update cannot be executed with the help of the ID Support Centre or at the service point, then the Police and Boarder Guard Board will issue a new card to the user.
In the process of implementing stronger cryptography, the 420,000 cards with personal identification certificates that do not comply with software manufacturers’ recently introduced, substantially stricter new standards, will be fixed as well.
The digital security landscape is continuously developing and if Google implements stricter certificate standards in its Chrome web browser then the Estonian ID cards’ certificates might have interoperability issue when used with Chrome web browser. Google will introduce stricter interpretation of certificate standards starting with Chrome version 51 (May 2016).
More information: ID Support Centre