Key Benefits:
527. Regulation of the Federal Chancellor, which changes the signature regulation
On the basis of § 25 of the Signature Act, BGBl. I n ° 190/1999, as last amended by the Federal Law BGBl. I n ° 152/2001, shall be assigned in agreement with the Federal Minister for Justice:
The Federal Chancellor's Ordinance on Electronic Signatures (Signature Ordinance-SigV), BGBl. II No 30/2000, shall be amended as follows:
1. The content summary with headline is:
| " TOC |
|
| § 1. |
Fees for the performance of the supervisory authority |
| § 2. |
Financial equipment of the certification service providers |
| § 3. |
Technical safety requirements for secure electronic signatures |
| § 4. |
Display of the data to be signed |
| § 5. |
Qualified certificate signatures |
| § 6. |
Signatures of the Supervisory Authority |
| § 7. |
Systems of the Supervisory Authority |
| § 8. |
Protection of the technical components for secure electronic signatures with the certification service provider |
| § 9. |
Testing of technical components and procedures |
| § 10. |
Provision of signature and certification services for qualified certificates and secure electronic signatures |
| § 11. |
Application for issuing a qualified certificate |
| § 12. |
Qualified certificates |
| § 13. |
Directory and revocation services for qualified certificates |
| § 14. |
Secure Time Stamp Services |
| § 15. |
Safety and certification concept for qualified certificates and safe time stamp services |
| § 16. |
Documentation |
| § 17. |
Renewed electronic signature (resignation) |
| § 18. |
Supervision and accreditation |
| § 19. |
Notification of the notification |
| § 20. |
Read-out |
| § 21. |
In-force pedals |
| § 22. |
Final destination |
| Annex |
|
2. § 1 together with the headline is:
" Fees for supervisory activities
§ 1 . (1) For the following individual services within the framework of supervision, the following fees are to be paid by the certification-service providers:
| 1. |
Registration of the indication of the acceptance of the activity of a certification service provider or the cessation of his activity (§ 6 para. 2 first sentence SigG) |
EUR 100; |
|
| 2. |
Acceptance of the safety and certification concept on the occasion of the acceptance of the activity or in the event of a change of a service (§ 6 para. 2 second sentence SigG) |
50 euro; |
|
| 3. |
Examination of the safety and certification concept of a certification service provider issuing qualified certificates or providing secure electronic signature procedures, on the occasion of the notification of the commence of his work (§ 6 para. 3 and § 13 (2) SigG) |
EUR 6 000; |
|
| 4. |
Examination of the safety and certification concept of a certification service provider that offers safe time stamp services |
EUR 2 000; |
|
| 5. |
Examination of the change of a safety and certification concept of a certification service provider, issuing qualified certificates or providing secure electronic signature procedures (§ 6 para. 2 second sentence SigG), |
||
| a) |
without any safety-related changes |
EUR 1 000; |
|
| b) |
with safety-related changes |
EUR 4 000; |
|
| 6. |
Voluntary accreditation of a certification service provider according to § 17 of the German SigG Act (SigG), if accreditation is not carried out in the course of the examination after Z 3 |
EUR 6 000; |
|
| 7. |
periodic inspection of a certification service provider issuing qualified certificates or providing secure electronic signature procedures (§ 13 para. 2 Z 1 SigG): per year |
EUR 4 000; |
|
| 8. |
Periodic review of a certification service provider issuing safe time stamps (§ 13 para. 1 SigG): per year |
EUR 2 000; |
|
| 9. |
authorisation-based verification of a certification-service provider issuing qualified certificates or providing secure electronic signature procedures that are not only insignificant in breach of the SigG or on its The basis of the previous regulations or due to the omission of the display of safety-related changes to supervisory measures according to Z 10 (§ 14 SigG) |
EUR 6 000; |
|
| 10. |
Supervisory measures to be taken in the form of a decision (§ 14 SigG) |
||
| a) |
Issue of requirements for safety-related defects: in addition to Z 7 |
EUR 1 000; |
|
| b) |
Undercover of the further exercise of the activity as a certification service provider: in addition to Z 7 |
EUR 1 000; |
|
| 11. |
Continuing the revocation service of a certification service provider by the supervisory authority (§ 12 and § 14 paragraph 5 SigG). per certificate, which is conducted in the revocation service |
1 euro; |
|
| 12. |
Management of the directories at the supervisory authority (Section 13 (3) and section 17 (1) of the German SigG Act): per accepted certification service provider and year |
500 euro; |
|
| 13. |
Assessment of the equivalence of audit reports of a state-recognised body of a third country (§ 24 para. 3 SigG) |
EUR 6 000 |
|
(2) Insofar as the supervisory authority serves as an expert within the framework of supervision under the signature law or the regulations of a confirmation body or other non-official persons or bodies established pursuant to the provisions of the signature act, or of any other non-official persons or bodies, to prescribe the fees in accordance with § 53a AVG to the relevant certification service provider as a cash outlay within the meaning of § 76 AVG.
(3) The fees shall be pre-written by the supervisory authority. "
3. § 2 para. 1 second sentence reads:
"Certification service providers who issue qualified certificates or provide secure electronic signature procedures have a minimum capital of 300 000 euros."
4. In § 2, the para. 2 and 3 are:
" (2) Certification-service providers who issue qualified certificates or provide secure electronic signature procedures also have the supervisory authority at the same time as the listing of their activities in accordance with § 6 paragraph 2 SigG Proof that they have received a liability insurance cover with a minimum insurance sum of EUR 700 000, covering at least three insurance cases per year.
(3) The obligations under (1) and (2) shall exempt the federal government, the Länder, municipal associations and municipalities with more than 50 000 inhabitants and the institutions of social security. "
5. The § § 3 to 7 shall include the following headings:
" Technical safety requirements for
Signature creation data and signature creation devices for secure signatures
§ 3. (1) The technical components and processes used in the production and storage of signature creation data for secure electronic signatures shall be subject to the requirements of their review pursuant to Article 18 (5) SigG. Requirements of § 9. The same applies with respect to the signature-creation unit for secure electronic signatures, specifically for such technical components and methods which are used for processing the signature-creation data.
(2) Only those algorithms and parameters which meet the requirements of the Annex may be used for secure electronic signatures. The boundary conditions applicable to the technical safety of these algorithms and parameters shall be chosen in such a way as to correspond to the respective state of the art.
(3) The signature-creation data for secure electronic signatures may be distributed among several separate components. In such a case, the security requirements must be met by the signature-creation unit as a whole of the components.
Technical security requirements for the
System environment of the signature creation device for secure signatures
§ 4. (1) Only the formats recommended by the certification service provider may be used to represent the content of the data to be signed prior to triggering the signature operation. The specification of such a format must be generally available. The specification must ensure that the signed data can be displayed without any doubt and with the same result, both during signature creation and in signature verification. If dynamic changes can be coded in a format, those elements that can cause dynamic changes must not be used.
(2) The signature function in the signature-creation unit of the Signator may only be triggered after the use of authorization codes (e.g. PIN-input, fingerprint). The number of signatures, which is triggered by authorization of the signator to its signature-creation unit, must be known to the signator at the time of the triggering of the signature process. The same authorization code cannot be used for different applications (e.g. signature and ATM function). The authorization codes entered must not remain in memory from the system elements used beyond the signature process. Reentry of authorization codes must be excluded if you are repeatedly entering authorization codes. The unauthorized experience of the authorization codes must be effectively excluded by its design and by blocking mechanisms.
Qualified certificate signatures
§ 5. (1) Signature-creation data which certification-service-providers use when issuing qualified certificates must be produced in a signature-creation unit under § 9. They are not allowed to be available outside this signature creation device. The algorithms and parameters used must be in accordance with the Annex.
(2) A certification-service-provider must be able to verify secure electronic signatures produced on the basis of a qualified certificate issued by it. The procedures and algorithms for signature verification form a logical unit with the procedures and algorithms for signature creation and are to be documented together.
Signatures of the Supervisory Authority
§ 6. Signature creation data used by the supervisory authority for secure electronic signatures in the management of the lists of certificates for certification-service-providers pursuant to § 13 (3) SigG must comply with § 3 (2) and in one after § 9 verified signature creation unit generated and stored. They are not allowed to be available outside this signature creation device.
Systems of the Supervisory Authority
§ 7. The generation system for both the signature creation data and the secure signatures shall be isolated and intended solely for the purposes of § 6 and shall be adequately protected from interference and interference. "
6. § 9 together with headline:
" Testing of technical components and processes
§ 9. (1) In the examination of the technical components and procedures for the production of secure signatures, security requirements are to be applied, which are recognized as suitable by a confirmation body (§ 19 SigG). In particular, protective profiles (Protection Profiles) can be used which are based on the "Common Criteria for the Examination and Evaluation of Information Security" (Common Criteria for Information Security Evaluation-ISO/IEC). 15408) "or according to the" criteria for the evaluation of the security of information technology security evaluation criteria (ITSEC) ". The same applies to the verification of trusted systems, products and procedures that are used for the creation of qualified certificates, for the storage of signature creation data for qualified certificates, or for secure Time stamp services are used.
(2) In the case of the tests referred to in paragraph 1, reference numbers must be observed in particular, which are published in the Official Journal of the European Communities in accordance with Article 3 (5) of the Signature Directive 1999 /93/EC for secure signature creation units (Secure Signature-Creation) Devices-SSCD) or trusted systems or products of the certification service provider.
(3) If technical components and processes are used in a controlled environment, safety requirements which must be technically ensured in accordance with paragraph 1 may also be organised by qualified and qualified staff. can be met with appropriate access and access control measures, or technically and organizationally. The fulfilment of these safety requirements shall be examined by a confirmation body.
(4) In the certificate issued by the confirmation body on the fulfilment of the safety requirements for technical components and procedures for the production of safe signatures (§ 18 paragraph 5 SigG), it must be stated for which applications, under which Conditions of use and up to which date they apply. Copies of the certificate and any test reports shall be sent to the supervisory authority. "
7. In § 10 para. 2, first sentence, after the word " Certification Service Provider " the expression " , which issues qualified certificates or provides secure electronic signature procedures, " inserted.
8. § 10 (6), first sentence reads:
"If the signature creation data is generated by the certification service provider or in the production of the signature creation unit, then this signature creation data may only be handed out to the Signator by the certification service provider."
9. In § 10 (7), after the abbreviation "zB" the expression "measures necessary to trigger the signature function," inserted.
10. § 11 (1) reads:
" (1) The certification-service-provider shall establish the identity of the certifier on the basis of a valid official photo-ID. The data of the presented photo ID are to be recorded by the production of a clearing, and to document it with the application. If the submitted document permits this due to its technical equipment, the obligation to record and documentation can also be fulfilled in exclusively electronic form. The application for the issuing of a qualified certificate must be signed by the certificate advertiser on a personal basis. If it uses an electronic signature, which is assigned a unique identity, it can be waiver of the new identity determination on the occasion of the application. "
11. In § 12, the para. 2 to 4 are:
" (2) The formats for qualified certificates shall be specified in a clear and complete manner, so that their automatic verification is possible.
(3) The period of validity of a qualified certificate shall not exceed five years.
(4) Until the expiry of the validity of a qualified certificate, it is permissible, with the exception of the period of validity and the unique identifier, to re-certify the same content together with the same signature verification data, and thus a new Issue a certificate. In all other cases, the circumstance that qualified certificates issued for signature purposes have the same signature verification data but different contents will result in a compromise of the certificates concerned. "
12. § 13 (1) reads:
" (1) The directory and revocation services may be provided in a variety of formats. The certification-service-provider shall ensure that the formats of the revocation services are appropriate for their continued operation by the supervisory authority. The formats of the revocation services, which refer to a qualified certificate, must not be changed during the period of validity of the qualified certificate. In any case, revocation services must allow the determination of whether a signature was valid at a particular time of creation or that the certificate was revoked. "
13. In § 13 (7), the second sentence reads:
"This period shall not exceed ten days."
14. § 14 (1) reads as follows:
" (1) Only systems, products and processes which are protected from change and which are technically and cryptographically secure may be used for the provision of safe time stamp services. The time stamps must be created in a signature creation unit tested in accordance with § 9. The algorithms and parameters used must be in accordance with the Annex. Where certificates are used for time stamp services, only those issued exclusively for this purpose may be used and specifically designated for that purpose. "
15. In § 14 (3), the word "must" through the turn "and the security measures for automatic triggering of the time stamp function must" replaced.
16. In § 15, the title reads:
" Safety and certification concept for qualified certificates and
safe time stamp services "
17. In § 15 (1) the entry rate is:
"The safety and certification concept of certification-service providers issuing qualified certificates shall include, in particular, the following information:"
18. In § 15 (1) Z 15, the word "Documents" by the word "Data" replaced.
19. § 15 (2) is replaced by the following paragraphs 2 and 3:
" (2) The safety and certification concept for a safe time stamp service shall contain, in particular, the following information:
| 1. |
The name of the certification service provider, |
|||||||||
| 2. |
the address of the certification service provider and the State of its establishment, |
|||||||||
| 3. |
the nature, scope and provision of the time stamp services provided; |
|||||||||
| 4. |
Time stamp service signature verification data, |
|||||||||
| 5. |
procedures used for the preparation of the time stamps provided, |
|||||||||
| 6. |
the formats of the time stamp, |
|||||||||
| 7. |
the availability period of time stamp services; |
|||||||||
| 8. |
traceable and generally comprehensible method for checking the time stamps, |
|||||||||
| 9. |
Form of documentation of safety precautions, incidents and special operating situations, |
|||||||||
| 10. |
Protection of technical components from unauthorised changes. |
|||||||||
(3) The security and certification concept shall be presented to the supervisory authority in electronic form in the format XML with presentation function, PDF, Ascii or postscript. It must be provided with the electronic signature (§ 5 para. 3 SigG) of the certification service provider. In addition, the certification-service provider has the safety and certification concept as well as a clear and generally understandable summary of the concept in XML format with presentation function, PDF, Ascii or Postscript ready to be available electronically at any time in general. "
20. § 16 (1) last sentence reads:
" The data contained in the documentation of a certification service provider, which issues qualified certificates or provides secure electronic signature procedures, must be provided with its electronic signature (§ 5 paragraph 3 SigG) and secure time (§ 14 (2)). "
21. In § 16 (2), the words " 33 years " through the words " 35 years " replaced.
22. In accordance with Section 16 (2), the following paragraph 3 is added:
" (3) Certification service providers who do not issue qualified certificates shall have documentation on the signature verification data of the certification service provider, the certificates issued and the revocations. The retention period of the documentation shall be indicated in the safety and certification concept. "
23. § 17 reads:
" § 17. (1) The period after which a new secure electronic signature should be affixed due to the threat of a reduction in the safety value must be specified in the certification service provider's safety and certification concept. In any case, a resignation must be carried out before the expiry of the period which is relevant for the security of the signature-creation procedures used. The date of the resignation must be clear from the signed document.
(2) The imminent reduction in the safety value of a document can also be prevented by the affixing of a time stamp. "
24. In § 18 (1) the expression "RTF," by the expression "XML with presentation function," replaced.
25. In § 18 (2) the entry rate is:
"In particular, the qualified certificate panel shall be connected:"
26. In § 18 (4), first sentence, after the word "Certification service providers" the twist "which issue qualified certificates," inserted.
27. In § 18 (6), the second sentence is deleted.
28. In § 19, the previous text receives the sales designation " (1) " and the following paragraph 2 is added:
" (2) The regulation amending the signature regulation, BGBl. II No 527/2004, has been adopted in compliance with the provisions of Directive 98 /34/EC laying down a procedure for the provision of information in the field of technical standards and regulations, OJ L 206, 22.7.1998, p. No. OJ L 204 of 21.07. 1998 S 37, as amended by Directive 98 /48/EC, OJ L 327, 28.5.1998, p. No. OJ L 217, 05.08.1998, p. 18, notified to the Commission (Notification number 2004 /321/A). "
29. According to § 19, the following § § 20 to 22 and the heading are added:
" Votings
§ 20. The documents with technical content cited in § 9 are to be made available electronically via the website of the supervisory authority.
In-force pedals
§ 21. § § 1 to 7 and 9 to 22 in the version of the BGBl Regulation. II No 527/2004 enter into force 1. Jänner 2005 in force.
Final destination
§ 22. Certificates issued by a confirmation body issued before the date of entry into force referred to in § 21 shall continue to be effective. "
30. Annexes 1 and 2 are replaced by the following Annex:
" ANNEX
Algorithms and parameters for secure electronic signatures
1. Definitions
1. Signature suite: A signature suite consists of the following components:
| - |
a signature algorithm with parameters, |
|||||||||
| - |
an algorithm for key generation, |
|||||||||
| - |
a padding process and |
|||||||||
| - |
a cryptographic hash function. |
|||||||||
2. Bit length: The bit length of a natural number p is R , if 
shall apply.
3. Cryptographic hash function: The algorithm "hash function" is a non-reversible function, which maps an extensive amount of data (usually a text) to a generally smaller target amount of fixed length (hash value).
2. Abbreviations
| A9C |
"Article 9 Committee" (Committee on Electronic Signatures pursuant to Article 9 of Directive 1999 /93/EC) |
| DSA |
Digital Signature Algorithm |
| ECDSA |
Elliptic Curve Digital Signature Algorithm |
| ECGDSA |
Elliptic Curve German Digital Signature Algorithm |
| RSA |
Procedures by Rivest, Shamir and Adleman |
| ZDA |
Certification Service Providers |
3. Allowed signature suites
Algorithms and parameters for secure electronic signatures may only be used in pre-defined combinations, known as signature suites.
If a component of the suite is invalid, the entire suite is also invalid. If a component of the suite has been updated, the entire suite will also be updated.
Table 1a-List of acceptable signature-suites:
| Signature Suite Entry Measure |
Signature algorithm |
Signature algorithm parameters |
Key Generation Algorithm |
Padding Method |
Cryptographic hash function |
| 001 |
rsa |
MinModLen = 1020 |
rsagen1 |
emsa-pkcs1-v1_5 |
sha1 |
| 002 |
rsa |
MinModLen = 1020 |
rsagen1 |
emsa-pss |
sha1 |
| 003 |
rsa |
MinModLen = 1020 |
rsagen1 |
emsa-pkcs1-v1_5 |
ripemd160 |
| 004 |
rsa |
MinModLen = 1020 |
rsagen1 |
emsa-pss |
ripemd160 |
| 005 |
dsa |
pMinLen = 1024 qMinLen = 160 |
dsagen1 |
- |
sha1 |
| 006 |
ecdsa-Fp |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen1 |
- |
sha1 |
| 007 |
ecdsa-F2m |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen2 |
- |
sha1 |
| 008 |
ecgdsa-Fp |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen1 |
- |
sha1 |
| 009 |
ecgdsa-Fp |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen1 |
- |
ripemd160 |
| 010 |
ecgdsa-F2m |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen2 |
- |
sha1 |
| 011 |
ecgdsa-F2m |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen2 |
- |
ripemd160 |
Some of the algorithms listed in this Annex are registered by object identifiers. These are reproduced in the form of information in Table 1b.
Table 1b-Object identifiers (OID)
4. Permitted cryptographic hashing
Only collision-resistant hash functions may be used for secure electronic signatures. This requirement is satisfied if it is not feasible to find two documents that provide the same hash value.
Table 2-List of currently allowed hash functions
| Hash function measure |
Hash function abbreviation |
| 2.01 |
sha1 |
| 2.02 |
ripemd160 |
5. Allowable Padding
Table 3-List of permissible padding methods
| Measure of the Padding Method |
Short description of the filling process |
Random number generation |
Random number generator parameters |
| 3.01 |
emsa-pkcs1-v1_5 |
- |
- |
| 3.02 |
emsa-pss |
still to be defined |
still to be defined |
6. Permitted Signature Algorithms
Table 4-List of allowed signature algorithms
| Signature algorithm measure |
Signature algorithm short name |
Signature algorithm parameters |
Algorithm for key and parameter generation |
| 1.01 |
rsa |
MinModLen = 1020 |
rsagen1 |
| 1.02 |
dsa |
pMinLen = 1024 qMinLen = 160 |
dsagen1 |
| 1.03 |
ecdsa-Fp |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen1 |
| 1.04 |
ecdsa-F2m |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen2 |
| 1.05 |
ecgdsa-Fp |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen1 |
| 1.06 |
Ecgdsa-F2m |
qMinLen = 160 r0Min = 10 4 MinClass = 200 |
ecgen2 |
Table 5-List of allowed key generation algorithms for the signature algorithms listed in Table 4
| Key generation algorithm measure |
Abbreviated key generation algorithm |
Signature algorithm |
Method of random number generation |
Parameters of the random number generation method |
| 4.01 |
rsagen1 |
rsa |
trueran or pseuran |
EntropyBits 128 or SeedLen 128 |
| 4.02 |
dsagen1 |
dsa |
trueran or pseuran |
EntropyBits 128 or SeedLen 128 |
| 4.03 |
ecgen1 |
ecdsa-Fp, ecgdsa-Fp |
trueran or pseuran |
EntropyBits 128 or SeedLen 128 |
| 4.04 |
ecgen2 |
ecdsa-F2m, ecgdsa-F2m |
trueran or pseuran |
EntropyBits 128 or SeedLen 128 |
7. Explanatory notes on individual parameters of the allowed signature algorithms
7.1 RSA
The security of the RSA algorithm is based on the difficulty of factorizing large integers. In order to generate the signature creation data and signature verification data, two prime numbers are random and independent p and q , where the bit length of the module n = pq is at least MinModLen; its length is also called ModLen; each prime number must be effectively influenced by entropyBits bits of actual coincidence or an output value of the length SeedLen. p and q should be of approximately the same length, e.g. should a range such as 
on the market.
7.2 DSA
The security of the DSA algorithm is based on the difficulty of the discrete logarithm in the multiplicative group of a prime body. F p to be calculated.
The signature creation data consists of
| - |
the public parameters p , q and g , |
|||||||||
| - |
a random or pseudo-randomly generated integer X , 0 < X < q , which is signator-specific, and |
|||||||||
| - |
a random or pseudo-randomly generated integer K , 0 < K < q , which is to be recreated for each signature. |
|||||||||
| The public parameters p , q and g may be the same for a group of users. The prime module p must be at least pMinLen bits long. q , which is a prime factor of ( p -1) must be at least qMinLen bits long. |
||||||||||
The signature verification data consists of p, q, g and a whole number Y , the Y = g X mod p is calculated.
7.2.1 DSA variants with elliptical curves based on a group E ( F p )
The security of the algorithm ecdsa-Fp is based on the difficulty of calculating the discrete logarithm over elliptical curves.
The public parameters are as follows:
| - |
p a large prime number, |
|||||||||
| - |
q a large prime number with a length of at least qMinLen bits, |
|||||||||
| - |
E an elliptical curve over the finite body F p , whose order is q is divisible, and |
|||||||||
| - |
P a fixed point on E with the order q . |
|||||||||
The class number of the maximum order of the endomorphismenring of E must be at least MinClass. The value R 0 : = min ( R : q Shares p R -1) must be greater than r0Min.
The signature creation data consists of
| - |
the public parameters E , q and P ; |
|||||||||
| - |
a statistically unique and unpredictable whole number X , 0 < X < q , which is signator-specific and |
|||||||||
| - |
a statistically unique and unpredictable whole number K , 0 < K < q , which is to be recreated for each signature. |
|||||||||
The signature verification data consists of E , q , P and one point Q on E , the Q = xP is calculated. The elliptical curve over F p must be chosen in such a way that their order by means of a prime number q the length 
shall be divisible.
7.2.2 DSA variants with elliptical curves based on a group E ( F 2m)
The security of the algorithm ecdsa-F2m is based on the difficulty of calculating the discrete logarithm over elliptical curves.
The public parameters are as follows:
| - |
M a prime number, |
|||||||||
| - |
q a large prime number with a length of at least qMinLen bits, |
|||||||||
| - |
E an elliptical curve over the finite body F 2m, whose order by q is divisible, |
|||||||||
| - |
it must not be possible, E over F 2 , and |
|||||||||
| - |
P a fixed point on E with the order q . |
|||||||||
| The class number of the maximum order of the endomorphismenring of E must be at least MinClass. The value R 0 : = min ( R : q Shares 2 mr -1) must be greater than r0Min. |
||||||||||
The signature creation data consists of
| - |
the public parameters E, q and m; |
|||||||||
| - |
a statistically unique and unpredictable whole number X , 0 < X < q , which is signator-specific, and |
|||||||||
| - |
a statistically unique and unpredictable whole number K , 0 < K < q , which is to be recreated for each signature. |
|||||||||
The signature verification data consists of E , q , P and one point Q on E , the Q = xP is calculated. The elliptical curve over F 2m must be chosen in such a way that their order by a prime number q the length 
shall be divisible.
7.2.3 EC-GDSA based on a group E ( F p )
The ecgdsa-Fp algorithm is a variant of the ecdsa-Fp algorithm with a modified equation for signature creation and modified procedure for signature verification. The parameters are the same as for ecdsa-Fp.
7.2.4 EC-GDSA based on a group E ( F 2m)
The algorithm ecgdsa-F2m is a variant of the algorithm ecdsa-F2m with modified equation for signature creation and modified procedure for signature verification.
8. Generating random numbers
Table 6-List of permitted methods for the generation of random numbers
| Random Generator Measure |
Short description of the random generator |
Random number generation parameters |
| 5.01 |
Trueran |
EntropyBits |
| 5.02 |
Pseuran |
SeedLen |
| 5.03 |
cr_to_X9.30_x |
SeedLen |
| 5.04 |
cr_to_X9.30_k |
SeedLen |
8.1 Requirements for random number generators trueran
A physical random number generator is based on a physical noise source (primary noise) and a cryptographic or mathematical after-treatment of the primary noise. The primary noise must be regularly subjected to an appropriate statistical test. The expected expense of obtaining a cryptographic key should be at least equal to the expense of the rate of the rate of a random value of the length EntropyBits.
8.2 Requirements for random number generators pseuran
A pseudo-random number generator must be initialized with a real random number. The initial value is referred to as "seed" and has the length SeedLen. The output of the generator must meet the following requirements:
| - |
No information regarding the output bits generated can be determined in advance; |
|||||||||
| - |
the knowledge of a subsequence of the output does not allow a conclusion to a remaining bit with a probability that is not-negligibly different from chance; |
|||||||||
| - |
there is no usable method to remove from the output of the generator a previously generated or future output, an internal state, or the initial value ("seed") on the market. |
|||||||||
The expected expense of obtaining any internal status of the generator should be essentially the difficulty of obtaining a random value of the length SeedLen bits.
If the generator has been initialized with at least SeedLen bits, then up to n = 100 Sequence generated signature creation data is used as if it had been generated by a generator trueran. For the mass production (by the certification service provider ZDA) of K Keys, k > n It is permissible that in addition to the initial entropy requirement of real coincidence (from a trueran generator) slowly with a rate of j = 8 Bits per output value will be added, otherwise the generator should be completely re-initialized.
If re-initialization is applied, the security of the re-initialization process must be at least as strong as the original initialization and procedures that are similar to the creation of root keys. Smartcard re-initialization is not allowed.
No backups of the initial value ("seed") or internal stati of pseudo-random number generators are allowed. "
Bowl
;