The Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan has decided to postpone the implementation of the planned changes of the National Certification Center of the Republic of Kazakhstan (hereinafter – NCA RK) in terms of the transition to the cryptographic standard ST RK GOST R 34.10-2015 and the rejection of the authentication key on the RSA algorithm due to the fact that the information systems of government agencies, despite advance notifications of planned changes, NCA RK do not have time to make appropriate improvements in their IS.
In connection with the above, the date of transition to the cryptographic standard ST RK GOST R 34.10-2015 will be additionally announced on the website of the channel of the NCA RK and in official telegrams.
About the changes:
1. Transfer to one DS key, i.e. one DS key will be issued to individuals and legal entities based on the ST RK GOST R 34.10-2015 algorithm (hereinafter: GOST 2015), which will be used for both authentication and signing.
2. It is planned to exclude the following unclaimed types of DS keys intended for use by legal entities from the list of available ones:
– “Employee with the right to sign financial documents”;
– “Employee of HR Department”.
3. Today, public and private keys of the NCA RK are generated based on the algorithms: RSA and GOST 34.310-2004. Information technologies and methods of cryptographic analysis are continuously developing, therefore, NCA of the Republic of Kazakhstan plans to transfer to a new interstate cryptographic standard GOST 2015.
4. All previously issued* registration certificates will be maintained until their expiration date.
5. Maintenance of the new GOST 2015 algorithm will be provided by the updated NCALayer. After the release of a new version, the application will automatically prompt a user to update NCALayer.
6. We also inform you that the key information carriers aKey, KazToken and eToken released in 2017 support ST RK GOST R 34.10-2015. Additional information should be requested from the manufacturers of the specified media.
- Information for owners and developers of information systems
1. New registration certificates of NCA RK based on the GOST 2015 and RSA algorithm will be published on the official website of NCA RK(publication date will be announced later at the official website of NCA of RK and in the Telegram channel: https://t.me/nca_rk ). One needs to additionally install this registration certificate in the repository of trusted root registration certificates in information systems.
2. After the release of update by NCA of RK, one registration certificate for signing and authentication will be issued to users. NCA RK will issue registration certificates for individuals and legal entities based on the GOST 2015 algorithm, while registration certificates issued for identity cards and SSL registration certificates will be issued based on the RSA algorithm.
3. New CRL and deltaCRL services will be published to verify registration certificates for revocation. Services for previously issued* registration certificates will remain the same.
URL for new services:
Actual address of the service will be indicated in a user’s registration certificate.
URL for old services:
https://crl.pki.gov.kz/nca_gost.crl
https://crl.pki.gov.kz/nca_d_gost.crl
https://crl.pki.gov.kz/nca_rsa.crl
https://crl.pki.gov.kz/nca_d_rsa.crl
4. The addresses of OCSP and TSP services for previously issued* and new registration certificates will remain the same and will be available at the following addresses:
Optimization of the above-mentioned business processes and updating of the information system of the NTC of the Republic of Kazakhstan are planned for the end of the 2nd quarter of 2022 – june 18/25.
*Previously issued: registration certificates issued before the transfer to GOST 2015 algorithm.