To date, the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan has decided to postpone the implementation of the planned changes of the National Certification Center of the Republic of Kazakhstan (hereinafter – NCA RK) in terms of the transition to the cryptographic standard ST RK GOST R 34.10-2015 and the rejection of the authentication key on the RSA algorithm until October 1, 2022 due to the fact that the information systems of government agencies, despite advance notifications of planned changes, NCA RK do not have time to make appropriate improvements in their IS until June 27, 2022 year.

In connection with the above, the update of the information system of the NCA of the Republic of Kazakhstan within the framework of these changes is postponed until October 1, 2022.

The NCA of the Republic of Kazakhstan informs about the placement of an updated version of NCALayer for MacOSX, which fixes problems when installing and using the previous version of the application.

In case of errors when using the new version of NCALayer for MacOSX, please send a request to e-mail info@pki.gov.kz with a detailed description of the problem and screenshots of errors.

Due to the expiration of the SSL certificate on NCALayer The NCALayer application was updated on 06/01/2022.

In case of errors during authentication and signing using the keys of the NCA RK, it is necessary to restart NCALayer (log out and launch the application), if the error repeats, reinstall NCALayer.

1. Transfer to one DS key, i.e. one DS key will be issued to individuals and legal entities based on the ST RK GOST R 34.10-2015 algorithm (hereinafter: GOST 2015), which will be used for both authentication and signing.

2. It is planned to exclude the following unclaimed types of DS keys intended for use by legal entities from the list of available ones:

– “Employee with the right to sign financial documents”;

– “Employee of HR Department”.

3. Today, public and private keys of the NCA RK are generated based on the algorithms: RSA and GOST 34.310-2004. Information technologies and methods of cryptographic analysis are continuously developing, therefore, NCA of the Republic of Kazakhstan plans to transfer to a new interstate cryptographic standard GOST 2015.

4. All previously issued* registration certificates will be maintained until their expiration date.

5. Maintenance of the new GOST 2015 algorithm will be provided by the updated NCALayer. After the release of a new version, the application will automatically prompt a user to update NCALayer.

6. We also inform you that the key information carriers aKey, KazToken and eToken released in 2017 support ST RK GOST R 34.10-2015. Additional information should be requested from the manufacturers of the specified media.

• Information for owners and developers of information systems

1. New registration certificates of NCA RK based on the GOST 2015 and RSA algorithm will be published on the official website of NCA RK(publication date will be announced later at the official website of NCA of RK and in the Telegram channel: https://t.me/nca_rk ). One needs to additionally install this registration certificate in the repository of trusted root registration certificates in information systems.

2. After the release of update by NCA of RK, one registration certificate for signing and authentication will be issued to users. NCA RK will issue registration certificates for individuals and legal entities based on the GOST 2015 algorithm, while registration certificates issued for identity cards and SSL registration certificates will be issued based on the RSA algorithm.

3. New CRL and deltaCRL services will be published to verify registration certificates for revocation. Services for previously issued* registration certificates will remain the same.  

URL for new services:

http://crl.pki.gov.kz /*.crl (actual address of the service will be indicated in a user’s registration certificate)

http://crl1.pki.gov.kz /*.crl (actual address of the service will be indicated in a user’s registration certificate)

URL for old services:

https://crl.pki.gov.kz/nca_gost.crl

https://crl.pki.gov.kz/nca_d_gost.crl

https://crl.pki.gov.kz/nca_rsa.crl

https://crl.pki.gov.kz/nca_d_rsa.crl

4. The addresses of OCSP and TSP services for previously issued* and new registration certificates will remain the same and will be available at the following addresses:

ocsp.pki.gov.kz

tsp.pki.gov.kz            

Optimization of the above-mentioned business processes and updating of the information system of the NTC of the Republic of Kazakhstan are planned for the end of the 2nd quarter of 2022 – june 18/25 .

*Previously issued: registration certificates issued before the transfer to GOST 2015 algorithm.

In connection with the planned technical work, in the period from 21:00 hours on May 21 to 23:00 hours on May 21, 2022, it is possible to exceed the waiting time for the response of the services of the NCA of the Republic of Kazakhstan.