ORDER OF THE MINISTRY OF JUSTICE OF UKRAINE, ADMINISTRATION OF PUBLIC SERVICE OF SPECIAL COMMUNICATION AND INFORMATION PROTECTION OF UKRAINE

of November 18, 2019 No. 3563/5/610

About establishment of requirements to technical means, processes of their creation, use and functioning as a part of information and telecommunication systems of provision of electronic confidential services

According to Article part two 7, Article parts two 8, to Item 8 of the Section VII "Final and transitional provisions" of the Law of Ukraine "About electronic confidential services", to the paragraph to the second Item 73 of requirements in the field of the electronic confidential services approved by the resolution of the Cabinet of Ministers of Ukraine of November 7, 2018 No. 992, for the purpose of ensuring interoperability and technological neutrality of national technical solutions, and also non-admission of their discrimination of PRIKAZYVAYEM:

1. Determine that:

1) technical means which are created, used and function as a part of information and telecommunication systems of provision of electronic confidential services, namely software and hardware complexes and means of the qualified digital signature or seal (further - technical means), apply the algorithms of cryptographic information protection given in the national standards determined in Items 55 - 58 Lists of the standards applied by skilled suppliers of electronic confidential services during provision of qualified electronic confidential services which is applied to the requirements in the field of electronic confidential services approved by the resolution of the Cabinet of Ministers of Ukraine of November 7, 2018 No. 992 (further - the List), shall conform to requirements of national standards which are determined in Items 1 - 50 and 66 - 77 Lists, in full;

2) technical means which apply the algorithms of cryptographic information protection given in the national standards determined in Items 51 - 53 Lists shall conform to requirements of national standards which are determined in Items 1 - 50 and 66 - 77 Lists, and also GSTU state standard specification 28147:2009 "Information handling systems. Protection cryptographic. Algorithms of cryptographic conversion" and to the international recommendations of RFC 5208 and RFC 2898 in full taking into account the features concerning identification the politician of the certificate, national algorithms of cryptographic information protection and other information objects, calculations corresponding hash functions and creations of the digital signature;

3) by results of state examination in the field of cryptographic information protection compliance of technical means to requirements of national standards which are determined in Items 28 - 33 Lists, in volume of the performed functions is confirmed by documents on compliance or positive expert opinions (to destination).

2. To skilled suppliers of electronic confidential services, customers, developers and vendors of means of the qualified digital signature or seal, the organizations which use electronic confidential services during electronic interaction of physical persons and legal entities which requires departure, obtaining, use and permanent storage with participation of the third parties of electronic data whose analogs on papers shall contain the sign manual according to the legislation, and also checks of authenticity in components of information systems in which processing of such electronic data and owners of information in whom public authorities, local government bodies, the companies, organizations and the organizations of the state pattern of ownership are is performed, to provide application of the requirements to technical means established by this order and personal keys, which generation is performed before entry into force of this order,

before the termination of effective period of the appropriate qualified certificates of public keys, but no later than November 06, 2020.

3. The subjects of legal relations in the field of electronic confidential services using qualified certificates of public keys in the activities apply the qualified digital signature:

1) within the country for the purpose of providing electronic document management and electronic authentication of persons according to:

GSTU 4145-2002 "Information technologies. Cryptographic information protection. The digital signature based on elliptic curves. Forming and check" about hash function in accordance with GOST 34.311-95 "Information technology. Cryptographic information protection. Hashing function". These national standards are applied to creation of the qualified digital signature till January 01, 2022 and to creation of the qualified digital signature for the purpose of provision of information on the status of certificates of public keys before completion of term of their action and to verification of the qualified digital signature;

GSTU 4145-2002 "Information technologies. Cryptographic information protection. The digital signature based on elliptic curves. Forming and check" about hash function in accordance with GOST 7564-2014 "Information technologies. Cryptographic information protection. Hashing function". These national standards are applied to creation of the qualified digital signature since January 01, 2021 and to verification of the qualified digital signature;

GSTU ISO/IEC 14888-3:2019 "Information technologies. Protection methods. Digital signatures with appendix. Part 3. Mechanisms on the basis of discrete logarithming" using algorithm ECDSA with extent of expansion of the main field of elliptic curve at least than 256 with functions hash of sha256 or sha512 according to FIPS PUB 180-4 "Secure Hash Standard";

2) for cross-border cooperation with any purpose, according to requirements:

GSTU ETSI EN 119 312:2015 "Digital signatures and infrastructures (ESI). Cryptographic sets" and within the country with other purpose, than it is specified in the subitem of 1 this Item and this subitem, by application of algorithms of the digital signature;

RSA according to RFC 3447 "Public-Key Cryptography Standards (PKCS) No. 1: RSA Cryptography Specification Version 2.1" with key length at least than 4096 bits with functions sha256 hash according to FIPS PUB 180-4;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info