of October 3, 2024 No. 57
On approval of the Technical Requirements in the field of qualified trust services
Pursuant to Art. 35 part (2) item f) of Law No. 124/2022 on electronic identification and trust services (Official Monitor of the Republic of Moldova, 2022, No. 170-176, Art. 317), I ORDER:
1. To approve the Technical Requirements in the field of qualified trust services (attached).
2. The Order of the Director of the Information and Security Service of the Republic of Moldova No. 69/2016 "On approval of the Technical Regulations in the field of the advanced qualified digital signature" (Official Monitor of the Republic of Moldova, 2016, No. 115-116, Art. 1201), with subsequent amendments, is repealed.
3. This Order enters into force on the date of its publication in the Official Monitor of the Republic of Moldova.
Director
Alexander Mustyatsa
Approved by the Order of the Director of the Information and Security Service of the Republic of Moldova of October 3, 2024 No. 57
1. The Technical Requirements in the field of qualified trust services (hereinafter – Requirements) establish the rules and requirements for compliance with standards and recommendations in the field of qualified trust services and with the principles of building public key infrastructure, in particular:
1) Requirements for the public and private keys for qualified trust services;
2) Requirements for qualified digital signatures and qualified electronic seals;
3) Requirements for qualified certificates for digital signatures or electronic seals;
4) Requirements for qualified electronic time stamps;
5) Requirements for qualified electronic registered delivery services;
6) Requirements for qualified certificates for website authentication;
7) Requirements for trusted lists.
2. The private and public keys of the qualified trust service provider, levels 3 or 4, are created using a qualified digital signature creation device set to FIPS mode and certified according to the requirements of FIPS 140-2 Security Requirements For Cryptographic Modules, or Common Criteria at a level of at least "EAL4", or SM EN 419 211 Profiluri de protectie pentru dispozitive securizate de creare a semnaturii, or SM EN 419 221 Profiluri de protectie pentru module criptografice TSP.
3. The minimum length of the public and private keys is:
1) for users of qualified trust services – 2048 bits for the RSA algorithm and 256 bits for the ECC algorithm;
2) for qualified trust service providers – 4096 bits for the RSA algorithm and 384 bits for the ECC algorithm.
4. The validity period of the private key of a user of qualified trust services, and of the public key certificate corresponding to that private key, is:
1) up to 2 years inclusive – for a minimum public and private key length of 2048 bits for the RSA algorithm;
2) up to 3 years inclusive – for a minimum public and private key length of 3072 bits for the RSA algorithm and 256 bits for the ECC algorithm;
3) up to 5 years – for a minimum public and private key length of 4096 bits for the RSA algorithm and 384 bits for the ECC algorithm.
5. Management of the private and public keys of the qualified trust service provider is performed in accordance with the following recommendations:
1) IETF RFC 4210 Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP);
2) IETF RFC 6712 Internet X.509 Public Key Infrastructure – HTTP Transfer for the Certificate Management Protocol (CMP);
3) IETF RFC 4211 Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF).
6. Private keys of qualified trust service providers are created and stored on physical media that perform cryptographic functions – devices for creating qualified digital signatures or seals. Cryptographic operations for generating the public and private keys of qualified trust service providers and for creating a qualified digital signature with the provider's private key shall be carried out on the microchip of the physical medium.
7. Private keys of users of qualified trust services are created and stored on devices for creating qualified digital signatures or electronic seals.
8. Qualified digital signatures and seals shall comply with the provisions of at least one of the following standards:
1) SM ETSI EN 319 132 Semnaturi electronice si infrastructuri (ESI). Semnaturi digitale in format XAdES (SM ETSI TS 103 171 Semnaturi electronice si infrastructuri (ESI), Profil de baza XAdES; SM ETSI TS 101 903 Semnaturi electronice si infrastructuri (ESI). Semnaturi electronice avansate XML (XAdES));
2) SM ETSI EN 319 122 Semnaturi electronice si infrastructuri (ESI). Semnaturi digitale in format CAdES (SM ETSI TS 103 173 Semnaturi electronice si infrastructuri (ESI), Profil de baza CAdES; SM ETSI TS 101 733 Semnaturi electronice si infrastructuri (ESI). Semnaturi electronice avansate CMS (CAdES));
3) SM ETSI EN 319 142 Semnaturi electronice si infrastructuri (ESI). Semnaturi digitale in format PAdES. Partea 1: Elemente de constructie si semnaturi de baza PAdES (SM ETSI TS 103 172 Semnaturi electronice si infrastructuri (ESI), Profil de baza PAdES; SM ETSI TS 102 778 Semnaturi electronice si infrastructuri (ESI). Profil PDF avansat al semnaturii electronice);
4) SM ETSI EN 319 162 Semnaturi electronice si infrastructuri (ESI). Containere de semnaturi asociate (ASiC) (SM ETSI TS 103 174 Semnaturi electronice si infrastructuri (ESI). Profil de baza ASiC).
9. Creation and verification of the qualified digital signature and qualified electronic seal shall conform to the requirements established by the following standards or recommendations:
1) SM ISO/CEI 9796 Tehnologia informatiei. Tehnici de securitate. Scheme de semnaturi digitale care restabilesc mesaje;
2) SM SR ISO/CEI 14888 Tehnologia informatiei. Tehnici de securitate. Semnaturi digitale cu supliment;
3) IETF RFC 3447 Public Key Cryptography Standards PKCS#1: RSA Cryptography Specifications, Version 2.1;
4) FIPS Publication 186-3 Digital Signature Standard (DSS).
10. Qualified trust service providers shall use the SHA-256 hash function or a stronger hash function.
11. Hash function algorithms shall conform to the requirements of one of the following standards:
1) SM ISO/CEI 10118-1 Tehnologia informatiei. Tehnici de securitate. Functii hash;
2) FIPS Publication 180-3 Secure Hash Standard (SHS).
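The limits in points 3, 4 and 10 can be checked mechanically against a certificate's parameters. The following Python example is an added illustration, not part of the Order: the function names, the reading of "stronger" as SHA-384/SHA-512, the strict 5-year bound and the calendar-year arithmetic are assumptions.

```python
from datetime import date

# Point 3: minimum key length in bits, by role and algorithm.
MIN_BITS = {
    "user": {"RSA": 2048, "ECC": 256},
    "provider": {"RSA": 4096, "ECC": 384},
}
# Point 4 (user keys only): (max years, bound inclusive?, min bits per algorithm).
# The page writes "inclusive" for 2 and 3 years but not for 5, so 5 is kept strict.
VALIDITY_TIERS = [
    (5, False, {"RSA": 4096, "ECC": 384}),
    (3, True, {"RSA": 3072, "ECC": 256}),
    (2, True, {"RSA": 2048}),
]
# Point 10: "SHA-256 or stronger"; reading that as these SHA-2 digests is an assumption.
ALLOWED_HASHES = {"sha256", "sha384", "sha512"}


def add_years(d, years):
    """Calendar-year addition; 29 February maps to 28 February."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def check_profile(role, alg, bits, digest, not_before, not_after):
    """Return a list of violations of points 3, 4 and 10 (empty = compliant)."""
    problems = []
    minimum = MIN_BITS[role].get(alg)
    if minimum is None:
        return [f"algorithm {alg} is not listed in point 3"]
    if bits < minimum:
        problems.append(f"point 3: {alg} {bits} bits < {minimum} for {role}")
    if digest.lower() not in ALLOWED_HASHES:
        problems.append(f"point 10: hash {digest} is not in the allowed set")
    if role == "user":  # point 4 covers user keys and certificates only
        for years, inclusive, floors in VALIDITY_TIERS:
            if alg in floors and bits >= floors[alg]:
                limit = add_years(not_before, years)
                if not_after > limit or (not inclusive and not_after == limit):
                    problems.append(f"point 4: validity exceeds {years} years for {alg} {bits}")
                break
    return problems


# Constructed sample: a 3-year user certificate on a 2048-bit RSA key (too long).
if __name__ == "__main__":
    print(check_profile("user", "RSA", 2048, "sha256", date(2024, 10, 3), date(2027, 10, 3)))
```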
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.