eID prelomene?

Čo sa deje v e-Governmente Štátne projekty
356

k BSI certifikatu:

When using the product as a qualified electronic signature creation device the guidance
documentation as listed in the certification report [3] has to be used, whereby the
following constraints have to be taken into account:

  • For RSA keys generated on chip only the key length 3072 and 3584 have a
    security level above 100 bit. When using the product with on chip generated RSA
    keys and in accordance e.g. to the German catalogue of appropriate algorithms
    [7] only these key length values provide the required level of security of at least
    100 bit.
    If other key length values for RSA keys generated by the product are being used,
    a specific assessment on the appropriateness supported by Atos and Infineon
    has to be made within the context of the specific application. The certification
    service provider has to take appropriate measures to ensure that key length
    values providing the right level of security are used.
  • Constraints on cryptographic algorithms and parameters, e.g. when using the
    product according to the German catalogue of appropriate algorithms [7], have to
    be considered. These constraints cover in particular RSA, hash algorithms,
    random number generation.

[3] Certification Report BSI-DSZ-CC-0833-2013 for CardOS V5.0 with Application for QES, V1.0 from Atos IT Solutions and Services GmbH, V1.0, 26 July 2013, Bundesamt für Sicherheit in der Informationstechnik
[7] Bekanntmachung zur elektronischen Signatur nach dem Signaturgesetz und der
Signaturverordnung (Übersicht über geeignete Algorithmen) vom 7. Dezember
2016, Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und
Eisenbahnen

3 Likes