What does “Sign Live! CC implements the currently valid catalog of algorithms "?

An algorithm catalog defines which cryptographic algorithms are currently and for a period in the future considered to be secure. In doing so, it significantly sets the level of security of a PKI(1) fixed.
The Signature Act and the Signature Ordinance (SigG / SigV) for qualified electronic signatures have a PKI defined and required a catalog of algorithms that was constantly updated. This has been regulated across Europe in the eIDAS regulation since July 01.07.2017st, XNUMX.

The BSI (Federal Office for Information Security) creates the Alogorthmen catalog based on a 7-year forecast. I. E. the algorithms under consideration are to be regarded as secure today and in all probability for at least the next 7 years. Very often these periods are extended every year. If it is to be expected that an algorithm will become insecure, users have a warning period of 7 years. It has not happened since the SigG catalog of algorithms that known attacks jeopardize the security level of cryptographic algorithms so suddenly that a period of validity had to be shortened.

Sign Live! CC implements the specifications of the algorithm catalog valid at the time of publication of the software.

What happens to the algorithm catalog through the implementation of the eIDASVO?

In order to implement the eIDAS regulation in Germany, SigG / SigV will be replaced by the Trust Services Act and the associated regulation at the end of 2017. An algorithm catalog is e.g. Not yet in the eIDASVO anchored. It is still open whether by then the EU-Manage the necessary rules EULevel or Germany continues to adhere to the German catalog as long as no EU-Catalog exists. We will keep you informed on this subject.

(1) PKI = Public key infrastructure. For details, see https://de.wikipedia.org/wiki/Public-Key-Infrastruktur

 

Last updated: June 2021
Created: December 2016

Created: 29.12.2016 - 11: 44
Stand: 24.06.2021 - 10: 38

FAQ search