k BSI certifikatu:
- ak sa to nezmenilo od roku 2013, tak sa pouziva cip: “SLE78CFX3000P od Infineon Technologies AG s operačným systémom Card OS V5.0” [http://plaut.sk/storage/pdf/elektronicka_identifika__na_karta.pdf, https://www.minv.sk/?EID_MV&subor=186520]
- BSI ma certifikaty k cipu SLE78CFX*P, CardOS V5.0 na adrese: BSI - Digitale Signatur - BSI-DSZ-CC-0833-2013
- dna 07.07.2017 bol vydany Maintenance Report (https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte08/0833ma1a_pdf.pdf?__blob=publicationFile&v=2):
When using the product as a qualified electronic signature creation device the guidance
documentation as listed in the certification report [3] has to be used, whereby the
following constraints have to be taken into account:
- For RSA keys generated on chip only the key length 3072 and 3584 have a
security level above 100 bit. When using the product with on chip generated RSA
keys and in accordance e.g. to the German catalogue of appropriate algorithms
[7] only these key length values provide the required level of security of at least
100 bit.
If other key length values for RSA keys generated by the product are being used,
a specific assessment on the appropriateness supported by Atos and Infineon
has to be made within the context of the specific application. The certification
service provider has to take appropriate measures to ensure that key length
values providing the right level of security are used.- Constraints on cryptographic algorithms and parameters, e.g. when using the
product according to the German catalogue of appropriate algorithms [7], have to
be considered. These constraints cover in particular RSA, hash algorithms,
random number generation.
[3] Certification Report BSI-DSZ-CC-0833-2013 for CardOS V5.0 with Application for QES, V1.0 from Atos IT Solutions and Services GmbH, V1.0, 26 July 2013, Bundesamt für Sicherheit in der Informationstechnik
[7] Bekanntmachung zur elektronischen Signatur nach dem Signaturgesetz und der
Signaturverordnung (Übersicht über geeignete Algorithmen) vom 7. Dezember
2016, Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und
Eisenbahnen