Estonia will use stronger cryptography in its eID cards
Starting on March 1st, Estonia will implement stronger cryptography in the ID-cards, digi-ID’s, resident ID-cards and e-resident digi-IDs it produces and issues. The updating of previously-issued cards will begin in March and the update process will last through the end of 2016.
“We are implementing stronger cryptography in order to maintain the high security of Estonian ID-cards in the future,” said Joosep Kaasik, Deputy Director General in the field of Development of the Police and Border Guard Board (PBG). Cardholders will be able to use their personal computers and card readers to secure the update. “This will be more convenient than visiting a service point in person,” Kaasik explained.
The need for stronger cryptography was made clear in a survey report on the lifecycles of cryptographic algorithms. The report recommended abandoning the use of the SHA-1 hash algorithm. The new certificates will use the longer SHA-2 algorithm. Many of the world’s biggest software and technology companies are also transitioning over to the SHA-2.
In March, a new version of the ID card software will be published. The new software will make it possible to implement the stronger cryptography in previously issued ID-cards and digi-ID documents.
Joosep Kaasik emphasized that it was extremely important that starting March 1st web service providers and information systems owners be prepared to service cards using stronger cryptography.
“The overwhelming majority of service providers have announced their preparedness to service cards with the stronger cryptography and we expect that by March the other service providers will follow suit and make all the necessary changes,” said Kaasik.
The software update will involve not only stronger cryptography, but also upgraded certificates for those cards issued in 2014 and 2015 that do not comply with the stricter certificate validation standards that are adopted by Google Chrome’s new version.
The update will be carried out starting with the 420,000 Estonian ID-cards to ensure that they are compatible with Chrome’s new version. The need to upgrade the certificates arose after Google announced last October that the new version of Chrome would renew certificate compliance standards.
Starting in March, cardholders will be able to get the certificiate update by downloading and installing the new software on their computers, launching the ID-Card Utility program and then following the on-screen directions for certificate renewal.