CRYPTO BLOG

A collection of cryptographic articles and resources

PAdES and Long Term archival (LTA)

17. March 2017 by Dawn M. Turner (guest)

Under the eIDAs Regulation, specifications for formatting advanced electronic signatures for PDF documents are set under PAdES. PAdES is the electronic signature design for PDF Advanced Electronic Signatures.

Read More

Implementing Digital Authentication in accordance with the new NIST guidelines (SP 800-63-3)

07. March 2017 by Heather Walker (guest)

In 2016, the National Institute of Standards and Technology (NIST) (run by the US Department of Commerce) announced they were producing a new publication which would overhaul their previous guidance for digital authentication – which was released on August 30th. As there are not formal, national standards in the US (aside from government agencies) as there are in the EU, NIST provides best practices and guidance for organizations looking for guardrails and support. This publication supports OMB guidance “E-Authentication Guidance for Federal Agencies” and is the third produced which focuses on digital authentication.

Read More

Generating Cryptographic Keys: Will Your Random Number Generators (PRNGs) Do The Job?

22. February 2017 by Chuck Easttom (guest)

Conversations about cryptography are common place in the cyber-security world.  One can find security professionals discussing everything from PKI to issues with RSA.  But while we are discussing issues with algorithms, implementation of cryptographic protocols, authentication algorithms, and other such topics, we often lose sight of a fundamental part of the entire process – key generation.

Read More

UBS launches qualified electronic signatures

17. February 2017 by Dawn M. Turner (guest)

The ZertES legislation (Swiss digital signature law) was placed into effect in Switzerland on December 19, 2003. The purpose of this legislation was to regulate the manner for which trust service providers could use certification services with electronic signatures. The law also gives guidelines that specify the provider’s rights and obligations in the course of providing these certification services. By promoting the use of secure services for electronic certification, ZertES has facilitated the use of qualified electronic signatures that are elevated to the same legal value as that of a handwritten signature.

Read More

The future of eIDAS in Britain

09. February 2017 by Gaurav Sharma (guest)

Markets hate uncertainty and the confusion regarding issues related to Britain’s exit from the European Union have roiled equity and currency markets. But it’s not just the financial markets which are affected- companies which rely upon EU regulations in order to conduct their day to day business are also reeling from this uncertainty. One such important regulation is eIDAS was created in order to bring about uniformity and security in electronic transactions across EU member states. It sought to standardize the regulations on electronic signatures and trust services across the entire bloc.

Read More