What does "Sign Live! CC implements the valid algorithm catalog" mean?
An algorithm catalog defines which cryptographic algorithms are considered secure now and for a defined future period. In doing so, it largely determines the security level of a PKI(1).
Until 30.06.2017, the Signature Act and the Signature Ordinance (SigG/SigV) defined a PKI for qualified electronic signatures and required an algorithm catalog that was constantly updated. Since 01.07.2017, this has been regulated throughout Europe in the eIDAS regulation.
The BSI (Federal Office for Information Security) creates the algorithm catalog, in each case based on a forecast of 7 years, i.e. the algorithms it lists can be considered secure today and in all probability for at least the next 7 years. Very often these periods are extended on a yearly basis. If an algorithm is expected to become insecure, users have a warning period of 7 years. Since the SigG algorithm catalog has existed, it has never happened that known attacks jeopardized the security level of cryptographic algorithms so suddenly that a validity period had to be shortened.
Sign Live! CC implements the specifications of the algorithm catalog valid at the time of publication of the software.
What happens to the algorithm catalog when the eIDAS regulation (eIDAS-VO) is implemented?
In order to implement the eIDAS regulation in Germany, SigG/SigV will be replaced by the Trust Services Act and the associated regulation at the end of 2017. An algorithm catalog is currently not anchored in the eIDAS regulation. It is still unclear whether the EU administration will decide on the necessary rules at EU level by then, or whether Germany will continue to adhere to the German catalog as long as there is no EU catalog. We will keep you informed on this topic.
(1) PKI = Public Key Infrastructure. For detailed information see https://de.wikipedia.org/wiki/Public-Key-Infrastruktur