Excerpts from German Government Draft Technical Catalogues (Maßnahmenkataloge) for Digital Signatures (Version 1.0 of November 18, 1997)

Translation and Commentary by Christopher Kuner, Esq.

Morrison & Foerster LLP, Brussels

Translation copyright 1997 Christopher Kuner. Reproduction is permitted, provided that this translator's note, including the above copyright notice, is retained in its entirety.

Commentary: The German Digital Signature Law and Digital Signature Ordinance are to be followed by technical catalogues for certification authorities and digital signature procedures, to be enacted under § 12(2) and 16(6) of the Digital Signature Ordinance. The Federal Office for Information Security (BSI), a German government agency, has been working on such catalogues for over a year, and a hearing on drafts of the catalogues was held in Bonn on December 19, 1997 to give industry an opportunity to voice their views; the German version of the catalogues is available on the Internet. As the catalogues set forth many of the technical details for implementation of the Digital Signature Law and Ordinance, they are of great practical importance.

At the hearing, industry was almost unanimous in their rejection of the catalogues in their present form. While praising the BSI's hard work, industry representatives criticized several points regarding the catalogues:

(1) Their length (over 300 pages total) and complexity makes them difficult to understand and implement.

(2) They regulate many areas unnecessarily; many industry representatives noted that only sections 5 and 6 of the catalogues were really necessary under the Ordinance.

(3) They are phrased in a normative way, whereas they were supposed to only give examples of technical measures that would satisfy the Law and Ordinance.

(4) In their present form they are inflexible will tend to lock in the use of a particular standard for digital signatures.

(5) The catalogues are incompatible with international standards and developments.

(6) The level ITSEC E4 "high" is excessive for many uses of digital signatures.

At the hearing, BSI representatives stated that they would go "back to the drawing board" and revise the catalogues based on the above criticisms. The rejection of the draft technical catalogues thus represents an important setback for the German government's digital signature standard.

It would be impossible here to provide complete translations of the technical catalogues. However, to give the reader a flavor of them, the following is a translation of the introduction and table of contents; page numbers are retained to give an idea of the catalogue's length.

Finally, a translator's note: while in my translations of the Digital Signature Law and Ordinance I translated "Zertifizierungsstelle" as "certifier", here I have reverted to the more internationally-accepted "certification authority" or "CA".

DRAFT

Technical Catalogues

for Digital Signatures

- based on the Digital Signature Law and Ordinance -

Published by the Regulatory Office for Telecommunications and Post

based on information of the Federal Office for Information Security (BSI)

Version 1.0 of November 18, 1997

Introduction

The secure use of information technology, which today is networked on a world-wide basis, requires the use of effective cryptographic mechanisms. This is true not only regarding the encryption of confidential data, which is what one thinks of first when one hears the word "cryptography". Modern asymmetric cryptography has also developed procedures that can ensure the integrity and authenticity of digital data. Digital signatures are particularly important in this regard, and represent a functional digital equivalent to the signature of paper documents by hand.

The uses of digital signatures range from ordering goods, issuing identity cards, bank transfers, etc., to, for example, the issuance of medical certificates. Digital signatures are an instrument for the further digitalization of information processing. In many cases it is quite inefficient to always have to reply on paper when a signature is required. The use of digital signatures makes possible a quantitative leap in the effectiveness of processing digital information and is therefore also of great economic importance.

Today concrete implementations of digital signatures are widely used approximately 20 years after their "invention". In the USA a particular digital signature algorithm has been prescribed for governmental use since 1992, and numerous institutions are presently working on further standards for signature algorithms. At the end of 1996 the federal government introduced by means of a cabinet resolution a Digital Signature Law (SigG), which entered into force on August 1, 1997.

This Law is intended to prevent uncontrolled developments, to regulate the necessary infrastructure (e.g., certification authorities), and thus to create conditions in which a wide practical usage of digital signatures can develop. In particular, a condition for the protection of the rights of individual participants in legally-binding electronic communication has been hereby satisfied. The legal questions relating to digital signatures can then be dealt with legally in a further step.

The following technical catalogues for digital signatures were drafted by the Federal Office for Information Security (BSI). They describe how the individual technical components and the organizational background are to be designed, in order to attain a total system in which digital signatures can be created which are secure against forgery and falsification.

Table of Contents

1. OVERVIEW - 4

2. OVERVIEW OF THE ESTABLISHMENT OF CERTIFICATION AUTHORITIES - 6

2.1 CA SERVICES - 6

2.1.1 Key generation for the CA - 6

2.1.2 Establishing the customer's identity (incl. registration) (RA) - 7

2.1.3 Certification of public customer keys (CA) - 7

2.1.4 Personalization of signature components by the CA upon key generation by the customer -7

2.1.5 Directory Services (DIR) - 7

2.1.6 Time stamp services (TSS) - 7

2.1.7 Key generation for customers - 8

2.2 SECURITY RISK ANALYSIS OF A CA - 8

2.3 CORRESPONDING EFFECT OF A CA's SERVICES - 11

3. GENERAL RECOMMENDATIONS - 13

3.1 STRUCTURE OF CERTIFICATES - 13

3.2 CONTENTS OF SIGNATURES - 16

4. PROCESSES - 20

5. TECHNICAL CATALOGUES UNDER § 12 (2) DIGITAL SIGNATURE ORDINANCE - 21

5.1 REQUIREMENTS UNDER THE DIGITAL SIGNATURE LAW AND ORDINANCE - 21

5.2 SECURITY REQUIREMENTS AND RECOMMENDATIONS - 46

5.2.1 General security requirements and security policies - 46

5.1.2 Functional security requirements for CAs - 46

5.2.3 Security requirements and recommendations for registration authorities - 47

5.2.4 Security requirements and recommendations for blocking management - 49

5.2.5 Security requirements and recommendations for security plans and documentation - 51

5.2.6 Security requirements and recommendations for process organization - 52

5.2.7 Security requirements and recommendations for personnel - 53

5.2.8 Security requirements and recommendations for infrastructure - 53

5.2.9 Security requirements and recommendations for IT - 54

5.3 SUGGESTED SOLUTIONS - 55

5.3.1 Suggestion 1: Centralized model - 55

5.3.2 Suggestion 2: Decentralized model - 56

5.3.3 Mixed forms of solutions 1 and 2 - 56

5.4 TECHNICAL CATALOGUE - 57

5.4.1 Threats - 57

5.4.2 Measures - 59

5.4.3 Relation of measures to solutions - 78

5.4.4 Relation of measures to security requirements - 80

6. TECHNICAL CATALOGUE UNDER § 16 (6) DIGITAL SIGNATURE ORDINANCE - 83

6.1 CRYPTOGRAPHIC ALGORITHMS - 83

6.1.1 Requirements under the Digital Signature Law and Ordinance - 83

6.1.2 Cryptographic requirements - 84

6.1.3 Suggestions for appropriate hash functions - 85

6.1.4 Suggestions for appropriate signature algorithms - 86

6.1.5 Creation of random numbers - 88

6.2 CREATION AND CERTIFICATION OF KEYS - 91

6.2.1 Requirements under the Digital Signature Law and Ordinance - 91

6.2.2 Security requirements and recommendations - 100

6.2.3 Suggestions - 103

6.2.4 Technical Catalogue - 103

6.3 PERSONALIZATION - 111

6.3.1 Requirements under the Digital Signature Law and Ordinance - 111

6.3.2 Security requirements and recommendations - 117

6.3.3 Recommendations - 119

6.3.4 Technical catalogue - 120

6.3.5 Exemplary Personalization of a model PSE - 126

6.4 DIRECTORY SERVICES - 130

6.4.1 Requirements under the Digital Signature Law and Ordinance - 130

6.4.2 Security requirements - 138

6.4.3 Recommendations - 141

6.4.4 Technical catalogue - 144

6.5 TIME STAMP SERVICES - 152

6.5.1 Requirements under the Digital Signature Law and Ordinance - 152

6.5.2 Security requirements and recommendations - 156

6.5.3 Recommendations - 158

6.5.4 Technical catalogue - 160

6.6 USER INFRASTRUCTURE - 164

6.6.1 Requirements under the Digital Signature Law and Ordinance - 165

6.6.2 Security requirements and recommendations - 175

6.6.3 Recommendations - 176

6.6.4 Technical catalogue - 177

A. Exemplary scenaria for technical infrastructure - 186

B. ITSEC functionality class F-C2 - 191

Identification and authentication - 191

Access control - 191

Securing of evidence - 191

Protocol evaluation - 192

Renewed preparation - 192

6.7 SIGNATURE COMPONENTS - 193

6.7.1. Requirements under the Digital Signature Law and Ordinance - 193

6.7.2. Generic security requirements and recommendations - 209

6.7.3. Threats - 216

6.7.4. Chipcards as signature components - 218

6.7.5 Security boxes as signature components - 238

6.7.6 Further signature components - 261

7. THE GRANTING OF LICENSES FOR CAs - 262

7.1 REQUIREMENTS UNDER THE DIGITAL SIGNATURE LAW AND ORDINANCE - 262

7.2 ROLES, DUTIES, COMPETENCES AND RESPONSIBILITY - 271

7.3 TRUSTWORTHINESS OF A CA - 274

7.4 LICENSING PROCEDURE FOR CAs - 275

7.4.1 Goal - 275

7.4.2 Subject - 275

7.4.3 Description of the procedure and process - 275

7.4.4 Parties - 281

7.4.5 Duties and Control of CAs - 281

7.4.6 Summary - 282

7.5 PROCEDURES FOR THE RECOGNITION OF EXAMINATION AND CONFIRMATION AUTHORITIES FOR SECURITY PLANS - 283

7.5.1 Goal - 283

7.5.2 Subject - 283

7.5.3 Description of the procedure and process - 284

7.5.4 Parties - 287

7.5.5 Methodology, qualification and competence for the expert evaluation of security plans - 287

7.6 PROCEDURES FOR THE RECOGNITION OF EXAMINATION AND CONFIRMATION AUTHORITIES FOR TECHNICAL COMPONENTS - 289

7.6.1 Goal - 289

7.6.2 Subject - 289

7.6.3 Description of the procedure and process - 290

7.6.4 Parties - 293

8. NORMS AND STANDARDS - 295