Author: Ingolf Rauh

New CA4 in October

The new CA4 The new rules and regulations require certification service providers and trust service providers to use better algorithms to ensure the trustworthiness of signatures in the future. Swisscom will first replace the root certificate authority instance (CA) for Switzerland (CH jurisdiction) and later also for the EU (eIDAS jurisdiction), thereby adapting the entire certificate chain and providing for the new algorithms. This concern, on the one hand, the so-called "padding algorithm" which will switch from currently SASSA-PKCS1 v1_5 to RSASSA-PSS, and on the other hand the key length, which will be increased from 2048 to 3072. What are the implications?
  • The size of the signature in the signed document changes, i.e. the signature takes up more space. Since signature applications make estimates to the best of their knowledge of how much space a signature requires, it may be that this estimate is no longer correct and therefore a signature is no longer possible.
  • If you use standard applications that display trusted signatures, such as Adobe Reader, the latter will continue to trust the signatures. However, if you have special applications that first require the root certificate of the certificate chain for trustworthiness, you must reinstall it.
When will the changes take effect? We are planning a changeover in quarter I/II 2021. In addition to the existing account ("ClaimedID") we will issue a new ClaimedID based on the new certificate chain to customers. After 2-3 months we will switch off the old ClaimedIDs. In this respect, it is possible to test and switch individually during this period of time. What do you need to do? If you are the developer of the signature application you are using, you should observe the notes on the development information page https://github.com/SCS-CBU-CED-IAM/AIS/wiki/Swisscom-CA-4 . Otherwise, you should inform the partner which provided you with the signature application. At the same time, however, we will also inform all our partners. We will inform you with further details in February 2021.

Share this article

printer Kopiert! copy email facebook linkedin twitter