In accordance with the entry into force of amendments to the Order of the Acting Minister for Investment and Development of the Republic of Kazakhstan dated June 26, 2015 No. 727 “On Approval of the Rules for Issuing, Storing, Revoking Registration certificates and confirming the ownership and Validity of the public key of an electronic digital signature by the root certifying center of the Republic of Kazakhstan, the Certifying center of State bodies and the national Certifying center Of the Republic of Kazakhstan” (Adopted on December 1, 2023 No. 595/NK), we inform, that on April 30, 2024, the transition to the cryptographic standard ST RK GOST R 34.10-2015 will be implemented.
About the changes:
1. Transfer to one DS key, i.e. one DS key will be issued to individuals and legal entities based on the ST RK GOST R 34.10-2015 algorithm (hereinafter: GOST 2015), which will be used for both authentication and signing.
2. It is planned to exclude the following unclaimed types of DS keys intended for use by legal entities from the list of available ones:
– “Employee with the right to sign financial documents”;
– “Employee of HR Department”.
3. Today, public and private keys of the NCA RK are generated based on the algorithms: RSA and GOST 34.310-2004. Information technologies and methods of cryptographic analysis are continuously developing, therefore, NCA of the Republic of Kazakhstan plans to transfer to a new interstate cryptographic standard GOST 2015.
4. All previously issued* registration certificates will be maintained until their expiration date.
5. Maintenance of the new GOST 2015 algorithm will be provided by the updated NCALayer. After the release of a new version, the application will automatically prompt a user to update NCALayer.
6. We also inform you that the key information carriers aKey, KazToken and eToken released in 2017 support ST RK GOST R 34.10-2015. Additional information should be requested from the manufacturers of the specified media.
- Information for owners and developers of information systems
1. New registration certificates of NCA RK based on the GOST 2015 and RSA algorithm will be published on the official website of NCA RK(publication date will be announced later at the official website of NCA of RK and in the Telegram channel: https://t.me/nca_rk ). One needs to additionally install this registration certificate in the repository of trusted root registration certificates in information systems.
2. After the release of update by NCA of RK, one registration certificate for signing and authentication will be issued to users. NCA RK will issue registration certificates for individuals and legal entities based on the GOST 2015 algorithm, while registration certificates issued for identity cards and SSL registration certificates will be issued based on the RSA algorithm.
3. New CRL and deltaCRL services will be published to verify registration certificates for revocation. Services for previously issued* registration certificates will remain the same.
URL for new services:
Actual address of the service will be indicated in a user’s registration certificate.
URL for old services:
https://crl.pki.gov.kz/nca_gost.crl
https://crl.pki.gov.kz/nca_d_gost.crl
https://crl.pki.gov.kz/nca_rsa.crl
https://crl.pki.gov.kz/nca_d_rsa.crl
4. The addresses of OCSP and TSP services for previously issued* and new registration certificates will remain the same and will be available at the following addresses:
Optimization of the above-mentioned business processes and updating of the information system of the NTC of the Republic of Kazakhstan are planned for the end of the 2nd quarter of 2022 – june 18/25.
*Previously issued: registration certificates issued before the transfer to GOST 2015 algorithm.