Home
Skip to main content eIDAS szerinti minősített bizalmi szolgáltató
Long-term, more secure time-stamping service

Microsec Zrt. e-Szignó Certificate Authority is committed to providing its Customers with a high quality and secure service at all times.

To this end, our Time Stamping service offers you in the future stronger, more secure ECC-based time stamps .

This new cryptographic algorithm has been supported by most signature creation applications for years, but before using it, you should check to see if your program actually supports the ECC algorithm.

Details of the algorithm change

Starting October 3, 2019 at 10:00 am, the default URL of Microsec Zrt. e-Szigno Certificate Authority used to request the timestamp will provide ECC algorithm timestamps that meet the requirements of the modern age, providing long-term verifiability.

Timestamps based on earlier algorithm (RSA) will be valid until December 30, 2022, will still be available on another URL.  RSA-based timestamps requested after the algorithm change will remain valid until December 30, 2022.

Microsec e-Szigno Certificate Authority has been providing ECC-based timestamping services to its clients through dedicated contacts for more than a year under the ECC root authentication unit.

After October 3, 2019, ECC-based qualified timestamps can be traced back to both our new ECC-based and old RSA-based root certificates.

Why is the change necessary?

International technical requirements for qualified trust service providers (including timestamp services) determine the range of cryptographic algorithms that can be used in the provision of services. According to the relevant technical recommendation*, the RSA algorithm currently in use can be considered compliant until December 31, 2022, which means that, long-term timestamps may no longer be supplied by it.

If you need a longer period of time to verify the signing of your electronically signed documents, you may want to use new ECC timestamps that are valid for at least 11 years with Microsec.

RSA-based timestamps made before October 3, 2019 will continue to be valid for at least 11 years.

* ETSI TS 119 312 V1.3.1 Electronic Signatures and Infrastructures (ESI); Cryptographic Suites

What should I do?

The ECC cryptographic algorithm has been supported by most signature creation applications for years, but it is worth checking the version of the program you are using before using it.

E-Szigno Automata supports ECC algorithm from version 3.3.0.0 (since January 18, 2017). Thus if you updated e-Szigno Automata at least once in the last two and a half years (eg during a critical update) you do not need to take any action.

In the rare case that you are still using an earlier version of e-Szigno Automata, please upgrade to the current version. In case you don’t have the option to update your e-Szigno Automata until the specified time, then change the timestamp URL to the RSA based timestamp URL . In case the e-Szigno Automata registration xml file contains the URL of the timestamp service, a new registration file must be issued. In this case, please contact our customer service.

Please note that our RSA-based timestamps, subject to applicable requirements, ensure signatures are verifiable by December 30, 2022. If you need longer-term retention, you should arrange for the documents to be over timestamped before the deadline or place them at a qualified archiving service.

Microsec e-Szignol Client application supports the ECC cryptographic algorithm since version 3.3.0.1. If you did not turn off the auto-update feature, the application has already been updated with ECC support.

Adobe Reader has  supported the ECC cryptographic algorithm since 2017.

How can I check if my application supports the ECC algorithm?

Download this file and verify its signature. If your signature verification application declares the signature valid, you are ready to receive the new ECC-based timestamps that provide greater security.

You have the opportunity to test ECC-based timestamping using our ECC-based timestamping test service.

Can I switch to ECC time stamping before the algorithm change?

Customers with a valid time-stamping service can switch from RSA-based time stamping at any time to ECC-based time stamping.

This requires setting the corresponding ECC-based timestamp availability instead of the default timestamp availability before changing the algorithm.

In addition, if you use e-Szigno Automata, if the registration XML file contains the availability of the timestamp service, you will need to obtain a new registration file. In this case, please contact our Customer Service.

If I get stuck, whom should I contact?

If you have any questions regarding the above, please contact our support team at support@microsec.com.

Important availabilities:

I. Default qualified timestamp URLs

(Provides RSA-based timestamps before October 3,2019 and ECC-based timestamps from October 3, 2019 that remain verifiable for 11 years):

General use:

Large consumer use:

Restricted use:

II. RSA-based qualified timestamping service

(Provides RSA-based timestamps after October 3,2019 that are valid till December 30, 2022 )

General use:

Large consumer use:

Restricted use:

III. ECC-based qualified timestamping service

(Provides ECC-based timestamps after October 3,2019  that can be traced back to both our new ECC-based and old RSA-based root certificates)

General use:

Large consumer use:

Restricted use:

IV. Our root certificates:

To verify the new ECC-based timestamps, your application must trust at least one of the two root certificates. All versions of the Microsec e-Szigno Automata and e-Szigno Client application contain the RSA-based Root Certificate, the ECC-based Root Certificate is contained in the e-Szigno Automata from version 3.3.0.14 and in the e-Szigno Client application from 3.3.0.15. version. By default, Adobe Reader recognizes an RSA-based root certificate.

V. e-Szigno Automata Update

Sign in to the following page with your existing username and password:

https://srv.e-szigno.hu/ugyfelkezelo_eszigno

Please note that the latest version of the e-Szigno Automata downloadable (from 3.3.2.2) uses a new registration mechanism, so a new registration file will be required, which will be automatically downloaded by the e-Szigno Automata based on the previous registration file. This requires access to the registration server (https://srv.e-szigno.hu).

VI. ECC based TEST timestamp service:

 

ECC-based Test Timestamps can be verified by using the root certificate of the ECC-based Test Hierarchy, available at: https://test.e-szigno.hu/trootca2017.crt