CWA 14167-2

Key Archival

At the end of a key’s operational life it may be archived to allow use of the key at some later (undefined) time. This is specifically in reference to Public Keys used to verify digital signature but does not preclude archiving of other types of keys where justified.

In compliance with CWA 14167-1, Section 5.1.5.2 KM1.1-7, Digi-CA™ is configured to work with Eracom and nCipher HSMs and these HSMs comply with this standard whilst the Digi-CA™ ensure Infrastructure and Control Keys are generated and maintained in the HSM. All key generation meets the cryptographic requirements specified in [ALGO].

In compliance with CWA 14167-1, Section 5.1.5.2 KM2.1-2.4, the Digi-CA™ private and secret keys are not distributed in plain text and Public Keys that have not been certified are kept secure to prevent interception or manipulation and the Digi-CA™ distributes the cryptographic keys in accordance with either the package or process cryptographic key distribution method.

The Public Key associated with all the Signing Keys and/or Infrastructure Keys (e.g. Revocation Status Service, Time-Stamping Service) can be made available to Subjects and Relying Parties. The integrity and authenticity of this Public Key and any associated parameters is maintained during initial and subsequent distribution.

In compliance with CWA 14167-1, Section 5.1.5.2 KM2.5, the Digi-CA™ the SSRoot is verifiable using data provided within the Digi-ID™ and the Digi-ID™ subject and issuer fields are identical.

In compliance with CWA 14167-1, Section 5.1.5.2 KM2.6, the Digi-CA™ is capable of producing a fingerprint of a self-signed certificate using the hashing algorithms defined in [ALGO].

In compliance with CWA 14167-1, Section 5.1.5.2 KM3.1-3, access controls to the Digi-CA™ are in place for all secure cryptographic modules used for all signing, infrastructure and control keys. The Digi-CA™ provides support for dual-person control when using control keys and this provides administration functionality of the Digi-CA™. Separate infrastructure keys are generated for separate functions and infrastructure keys associated with the Registration Service, Digi-CA™ and the Revocation Management Service are not shared.

In compliance with CWA 14167-1, Section 5.1.5.2 KM3.4-5, the Subject Device Provision Service, ensures that the subject keys for creating the Digi-IDs™ are separate from those used for other functions and that the key usage extension is present in the signature certificate being issued. If the key usage non Repudiation bit is asserted then it is not combined with any other key usage and authorised key usage only occurs within the operational life of the key.

In compliance with CWA 14167-1, Section 5.1.5.2 KM3.6, before the Digi-CA™ relies on Digi-IDs™ for asymmetric infrastructure or controls keys they ensure that the Digi-IDs™ related to these keys are still valid and this is done by checking the CRL.

In compliance with CWA 14167-1, Section 5.1.5.2 KM4.1-2, the Digi-CA™ enables the infrastructure and control keys to be changed on a regular basis and if any of the algorithms used in the Digi-CA™ are considered to have become unsuitable (as specified in [ALGO]), keys based on those algorithms are changed immediately. Key changeover is carried out securely and requires an out-of-band change.

In compliance with CWA 14167-1, Section 5.1.5.2 KM5.1-2, when all the Signing Keys reach the end of their life they are destroyed such that the signing keys cannot be retrieved and when the systems have been used to generate, use or store secret/Private Keys and are to be withdrawn from service or transferred their associated keys they too are destroyed.

In compliance with CWA 14167-1, Section 5.1.5.2 KM5.3-4, the Digi-CA™ provides the capability to zeroise plaintext secret and Private Keys stored in both the hardware and the software and the software key destruction is carried out using secure wiping processes that positively overwrite the keys.

In compliance with CWA 14167-1, Section 5.1.5.2 KM6.1-3, the Digi-CA™ facilitates the secure storage of all Private Keys and in conjunction with the HSM all the Signing Key are stored in, as is the private/secret infrastructure and control.

In compliance with CWA 14167-1, Section 5.1.5.2 KM6.4, if any private/secret key in a secure cryptographic module or HCD is exported from that module, it is protected by the module, to ensure its confidentiality, before being stored outside that module and any other sensitive key material is never be stored in an unprotected state.

All Signing Keys of the Digi-CA™ may be stored and backed up only when additional security mechanisms are in place. For instance, this may be accomplished using m of n techniques, where m component parts out of a total of n component parts are required for successful key initialization. For recovery from failure purposes, it is recommended that m= 2. If n = 4, then m = 3, if n = 5, then m = 3, etc.

In compliance with CWA 14167-1, Section 5.1.5.2 KM6.5-7, the Digi-CA™ ensures that backup, storage and restoration of private/secret NQC/QC Signing, Infrastructure and Control Keys is only performed by authorized personnel (e.g. Security Officer role) and ensures that backup, storage and restoration of private NQC/QC Signing Keys is only performed at least under dual-person control and does not contain functions that allow for backup or escrow of Subject signature keys (Private Keys).

In compliance with CWA 14167-1, Section 5.1.5.2 KM7.1, the Digi-CA™ does not contain functions that allow for backup or escrow of Subject signature keys (Private Keys).

In compliance with CWA 14167-1, Section 5.1.5.2 AA1.1, the Digi-CA™ logs the following:

• Significant environmental, key management and Digi-ID™ management events
• Start-up and shut-down of the audit data generation function
• Changes to the audit parameters
• Actions taken due to audit storage failure
• All access attempts to the Digi-CA™ are logged

In compliance with CWA 14167-1, Section 5.1.5.2 AA2.1-2, the Digi-CA™ system maintains audit data and guarantee sufficient space is reserved for that data and the audit log cannot be automatically overwritten.

In compliance with CWA 14167-1, Section 5.1.5.2 AA3.1, the Digi-CA™ system service specific audit logging for all audit records that contain the following parameters:

• date and time of event
• type of event
• identity of the entity responsible for the action
• success or failure of the audited event

In compliance with CWA 14167-1, Section 5.1.6 AA4.1-2, the Digi-CA™ provides the capability to search for events in the audit log based on the date and time of event, type of event and/or identity of the user and the audit records are presented in a manner suitable for the user to interpret the information.

In compliance with CWA 14167-1, Section 5.1.6 AA4.1-2, the Digi-CA™ prohibits all user read access to the audit records, except those users that have been granted explicit read access (e.g. those with System Auditor role) and modifications of the audit records is prevented.

In compliance with CWA 14167-1, Section 5.1.6 AA6.1, the Digi-CA™ generates an email alarm to the Security Officer upon detection of a potential or actual security violation.

In compliance with CWA 14167-1, Section 5.1.6 AA7.1, the Digi-CA™ ensures the integrity of the audit data for non qualified Digi-IDs™ and for qualified Digi-IDs™ ensures the integrity of the audit data by providing a digital signature, keyed hash or an authentication code with each entry in the audit log, computed over the entire audit log or over the current entry and the cryptographic result of the previous one and also provides a function to verify the integrity of the audit data.

In compliance with CWA 14167-1, Section 5.1.6 AA8.1, the Digi-CA™ the use of a trusted time source that is used to mark the time of audited events.

In compliance with CWA 14167-1, Section 5.1.7 AR1.1-4, the Digi-CA™ is capable of generating an archiving on media appropriate for storage and subsequent processing in providing necessary legal evidence in support of electronic signatures. Each entry includes the time at which the event occurred and does not include critical security parameters in an unprotected form. The following items are archived:

• All Digi-IDs™
• All CRLs/ARLs
• All Audit logs

In compliance with CWA 14167-1, Section 5.1.7 AR2.1, the Digi-CA™ provides the capability to search for events in the archive based on the type of events.

In compliance with CWA 14167-1, Section 5.1.7 AR3.1, the Digi-CA™ ensures each entry in the archive is protected from modification.

In compliance with CWA 14167-1, Section 5.1.8 BK1.1-3, the Digi-CA™ includes a backup function so that the data stored in the backup is sufficient to recreate the state of the system and a user linked to a role with sufficient privileges is capable of invoking the backup function on demand.

In compliance with CWA 14167-1, Section 5.1.8 BK2.1-2, the Digi-CA™ backups are protected against modification and are protected against modification through use of digital signatures, keyed hashes or authentication codes. Critical security parameters and other confidential information is stored in encrypted form only and the encryption meets the cryptographic requirements specified in [ALGO].

In compliance with CWA 14167-1, Section 5.1.8 BK3.1-2, the Digi-CA™ include a recovery function that is able to restore the state of the system from a backup and a user linked to a role with sufficient privileges is capable of invoking the recovery function on demand.

In compliance with CWA 14167-1, Section 5.2.1 GE1, the Digi-CA™ ensures that all messages created by any core service is protected (e.g. by using message authentication codes, digital signatures, etc.) by using the service’s Infrastructure Keys, contains a message time, to indicate the time at which the sender created the message and includes replay attack protection (e.g. by using nonces).

In compliance with CWA 14167-1, Section 5.2.2.1, the Digi-CA™ ensures that the Digi-ID™ application is carried out by the Registration Service after identification of the Subject has been carried out meeting the requirements specified in the associated Certificate Policy in accordance with ETSI 101 456 and that the Registration Service by its nature manages end entity subject data that may be affected by many different data protection requirements.

In compliance with CWA 14167-1, Section 5.2.2.2 R1, the Digi-CA™ ensure that if the Digi-ID™ application contains any subject sensitive information, the Digi-ID™ request is protected before being forwarded from the Registration Service to the Digi-CA™ thus ensuring message confidentiality but this functionality is only provided if required by the customer or the local legislation in the territory where the Digi-CA™ Xg Trust Centre resides.

In compliance with CWA 14167-1, Section 5.2.2.2 R1.2, the Digi-CAST3™ Team will ensure that the service implements a suitable mechanism to obtain proof-of-possession (POP) to ensure the entity requesting Certification is the actual holder of the Private Key related to the Public Key requiring Certification (an example of this would be to include a signature block with each Digi-ID™ application, which is created by the Private Key associated with the Public Key requiring Certification. Suitable algorithms for creating the signature are detailed in [ALGO]).

In compliance with CWA 14167-1, Section 5.2.2.2 R1.3-4, the Digi-CAST3™ Team will ensure that the Registration Service is be configured to allow collection of enough data from the subject to satisfy the requirements for QCs as specified in Annex I of [Dir.1999/93/EC]. And the Digi-CA™ provides a mechanism to allow approval of Digi-ID™ applications using the RA Control Centre, by a Registration Officer, before leaving the Registration Service.

In compliance with CWA 14167-1, Section 5.2.2.2 R1.3-4, the Digi-CAST3™ Team will ensure that the Registration Service notes the time of the application and the information publication control to allow subjects to control the Digi-CA’s™ publication of the QC via the Dissemination Service.

In compliance with CWA 14167-1, Section 5.2.2.2 R1.6, the Digi-ID™ requests from the Registration Service are digitally signed for authentication and data integrity using its Infrastructure or Control Keys.

In compliance with CWA 14167-1, Section 5.2.2.2 R2.1, the Digi-CA™ implements mechanisms and security controls to protect the privacy and confidentiality of Subject information.

In compliance with CWA 14167-1, Section 5.2.2.2 R3.1, the Digi-CA™ logs all events relating to registration including Digi-ID™ re-key/renewal requests and approved requests for Certification.

In compliance with CWA 14167-1, Section 5.2.3.1, when using the Package Method, the Digi-CA™ generates the Digi-ID™ using the Public Key supplied. This ensures the CSP has ‘locked’ the binding of the Subject’s Public Key to its identity.

During the period prior to the expiration of the Digi-ID™, such period being defined by the Certificate Policy, the Digi-CA™ renewal of the new Digi-ID™ is produced using the existing Public Key or a re-key using the registration information used to generate the previous Digi-ID™. Digi-ID™ renewal covers Infrastructure, Control and Subject Digi-IDs™.