Cryptography Reference
In-Depth Information
Each eID card contains two signature key pairs and one additional signature key:
Authentication key pair. This key pair is used to support digital card holder
authentication.
Non-repudiation key pair. This key pair is used to support digital signature
creation.
Card signature key. This signature key can be used to authenticate the card, rather
than the card holder. Only the NR knows the verification key that corresponds
to a particular eID card. This signature key is only used for administrative
operations between the card and the NR.
Note that the eID card enforces the principle of key separation (see Section 10.6.1)
by having separate signature key pairs for the two different security services.
As well as being an example of good key management practice, there are legal
reasons for this separation since the non-repudiation verification key requires a
higher level of certificate in order to facilitate legal recognition of digital signatures
verified using it (see Section 12.6.5).
We now consider how the first two key pairs are used to support the three core
digital eID card functions.
DIGITAL DATA PRESENTATION
This involves a verifying party reading the card data and then gaining assurance
that the data on the card is correct. To gain this assurance, the verifying party
needs to verify two digital signatures that are created by the NR and stored on the
eID card:
Signed identity file. This is a digital signature generated by the NR on the identity
file.
Signed identity and address file. This is a digital signature generated by the NR on
a concatenation of the signed identity file and the address file. In other words,
this takes the form:
$\mathrm{sig}_{NR}(\mathrm{sig}_{NR}(\text{identity file}) \,\|\, \text{address file})$.
A verifying party can then verify the card data by first using the verification key of
the NR to verify the signed identity file. If this check is fine then they can proceed
to verify the signed identity and address file.
The reason that the NR does not simply sign all the card data is that address
changes are much more frequent than changes to the content of the identity file.
Thus the NR can update an address on the card without having to reissue a new
eID card. Hence a major administrative operation is saved at the expense of a
slightly more complex verification process of the card data.
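The two-step check and the address update described above, as an added example that is not code from the book or from any eID implementation. It assumes a toy textbook-RSA scheme in place of the NR's unnamed signature algorithm, and the function and field names are hypothetical.

```python
import hashlib

# Assumption: the page does not name the NR's signature algorithm. Textbook RSA
# over two Mersenne primes stands in for it here; it is far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # NR signing key, never leaves the NR
SIG_LEN = (N.bit_length() + 7) // 8    # fixed length keeps sig || address unambiguous

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def nr_sign(data: bytes) -> bytes:
    return pow(_digest(data), D, N).to_bytes(SIG_LEN, "big")

def nr_verify(data: bytes, sig: bytes) -> bool:
    if len(sig) != SIG_LEN:
        return False
    s = int.from_bytes(sig, "big")
    return s < N and pow(s, E, N) == _digest(data)

def issue_card(identity: bytes, address: bytes) -> dict:
    """NR side: sign the identity file, then sign sig(identity) || address."""
    sig_id = nr_sign(identity)
    return {"identity": identity, "address": address, "sig_identity": sig_id,
            "sig_identity_address": nr_sign(sig_id + address)}

def update_address(card: dict, new_address: bytes) -> dict:
    """NR side: an address change re-signs only the outer value."""
    return {**card, "address": new_address,
            "sig_identity_address": nr_sign(card["sig_identity"] + new_address)}

def verify_card_data(card: dict) -> str:
    """Verifier side: the two checks, in the order the text gives them."""
    if not nr_verify(card["identity"], card["sig_identity"]):
        return "identity file rejected"
    if not nr_verify(card["sig_identity"] + card["address"],
                     card["sig_identity_address"]):
        return "address file rejected"
    return "ok"

if __name__ == "__main__":
    # Constructed sample data, not taken from a real card.
    card = issue_card(b"name=A. Example;id=00000000000", b"1 Sample Street")
    print(verify_card_data(card))
    moved = update_address(card, b"2 New Road")
    print(verify_card_data(moved), moved["sig_identity"] == card["sig_identity"])
    print(verify_card_data({**moved, "address": b"1 Sample Street"}))
```

Because the outer signature covers the signed identity file rather than the identity file itself, an address file cannot be moved to a card with a different identity signature without failing the second check.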
DIGITAL CARD HOLDER AUTHENTICATION
Each eID card holder can activate the signature keys on the eID card through the
use of a PIN. The card holder also requires access to an eID card reader, which
 