1. Transfer to one DS key: individuals and legal entities will be issued a single DS key based on the ST RK GOST R 34.10-2015 algorithm (hereinafter: GOST 2015), which will be used for both authentication and signing.
2. It is planned to exclude the following unclaimed types of DS keys intended for use by legal entities from the list of available ones:
– “Employee with the right to sign financial documents”;
– “Employee of HR Department”.
3. Today, public and private keys of the NCA RK are generated based on the RSA and GOST 34.310-2004 algorithms. Information technologies and methods of cryptographic analysis are continuously developing; therefore, the NCA of the Republic of Kazakhstan plans to transfer to the new interstate cryptographic standard GOST 2015.
4. All previously issued* registration certificates will be maintained until their expiration date.
5. Support for the new GOST 2015 algorithm will be provided by the updated NCALayer. After the release of a new version, the application will automatically prompt the user to update NCALayer.
6. We also inform you that the key information carriers aKey, KazToken and eToken released in 2017 support ST RK GOST R 34.10-2015. Additional information should be requested from the manufacturers of the specified media.
- Information for owners and developers of information systems
1. New registration certificates of NCA RK based on the GOST 2015 and RSA algorithms will be published on the official website of NCA RK (the publication date will be announced later on the official website of NCA RK and in the Telegram channel: https://t.me/nca_rk). These registration certificates need to be additionally installed in the repository of trusted root registration certificates in information systems.
2. After the release of the update by NCA RK, one registration certificate for signing and authentication will be issued to users. NCA RK will issue registration certificates for individuals and legal entities based on the GOST 2015 algorithm, while registration certificates issued for identity cards and SSL registration certificates will be issued based on the RSA algorithm.
3. New CRL and deltaCRL services will be published to verify registration certificates for revocation. Services for previously issued* registration certificates will remain the same.
URL for new services:
http://crl.pki.gov.kz/*.crl (actual address of the service will be indicated in a user’s registration certificate)
http://crl1.pki.gov.kz/*.crl (actual address of the service will be indicated in a user’s registration certificate)
URL for old services:
https://crl.pki.gov.kz/nca_gost.crl
https://crl.pki.gov.kz/nca_d_gost.crl
https://crl.pki.gov.kz/nca_rsa.crl
https://crl.pki.gov.kz/nca_d_rsa.crl
4. The addresses of OCSP and TSP services for previously issued* and new registration certificates will remain the same and will be available at the following addresses:
ocsp.pki.gov.kz
tsp.pki.gov.kz
Optimization of the above-mentioned business processes and updating of the information system of the NTC of the Republic of Kazakhstan are planned for the end of the 2nd quarter of 2022 – June 18/25.
*Previously issued: registration certificates issued before the transfer to GOST 2015 algorithm.
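An added example for item 3 of the information for owners and developers (not NCA RK code): because the actual CRL and deltaCRL address is indicated in each registration certificate, an information system can read both from the certificate's extensions instead of hard-coding the old URLs. The DER input is a constructed sample, the file names in it are placeholders, and limiting the result to the two hosts named in the notice is an assumed local policy.

```python
from urllib.parse import urlsplit

CDP_OID = bytes.fromhex("551d1f")       # 2.5.29.31 cRLDistributionPoints
FRESHEST_OID = bytes.fromhex("551d2e")  # 2.5.29.46 freshestCRL (delta CRL)
ALLOWED_HOSTS = {"crl.pki.gov.kz", "crl1.pki.gov.kz"}  # assumed policy: hosts in the notice

def read_tlvs(buf):
    """Yield (tag, content) for each DER TLV in buf; ValueError if truncated."""
    i = 0
    while i < len(buf):
        (tag, n), i = buf[i:i + 2], i + 2  # unpack raises ValueError on a cut header
        if n & 0x80:  # long form: low 7 bits count the length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[i:i + n]
        i += n

def uris(buf):
    """Yield uniformResourceIdentifier names (context tag [6] = 0x86)."""
    for tag, content in read_tlvs(buf):
        if tag == 0x86:
            yield content.decode("ascii")
        elif tag & 0x20:  # constructed: descend into DistributionPoint / fullName
            yield from uris(content)

def revocation_urls(extensions_der):
    """Return full and delta CRL URLs from a DER Extensions SEQUENCE."""
    urls = {CDP_OID: [], FRESHEST_OID: []}
    (_, extensions), = read_tlvs(extensions_der)
    for _, ext in read_tlvs(extensions):
        fields = list(read_tlvs(ext))  # extnID, optional critical flag, extnValue
        if fields and fields[0][1] in urls:
            for url in uris(fields[-1][1]):
                p = urlsplit(url)
                if p.scheme not in ("http", "https") or p.hostname not in ALLOWED_HOSTS:
                    raise ValueError("CRL URL not on allow-list: " + url)
                urls[fields[0][1]].append(url)
    return {"crl": urls[CDP_OID], "delta": urls[FRESHEST_OID]}

def tlv(tag, content):  # short-form DER encoder, only for the constructed sample
    return bytes([tag, len(content)]) + content
def sample_ext(oid, url):  # constructed Extension carrying one fullName URI
    point = tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, url.encode()))))
    return tlv(0x30, tlv(0x06, oid) + tlv(0x04, tlv(0x30, point)))

SAMPLE = tlv(0x30, sample_ext(CDP_OID, "http://crl.pki.gov.kz/sample_full.crl")
             + sample_ext(FRESHEST_OID, "http://crl1.pki.gov.kz/sample_delta.crl"))
```

In a real system the Extensions bytes would come from the certificate parser already in use, and the CRL fetched from the returned URL must still have its signature verified against the installed NCA RK root.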