SHA-256 hashing algorithm is introduced for organisation certificates

01.04.2014

Within the next few months, the SHA-256 hashing algorithm will be adopted in SK's organisation certificates.

As soon as the change has been adopted by SK, all issued organisation certificates will use the SHA-256 hashing algorithm by default. The exact date of the change will be decided in the near future. Customers experiencing difficulties introducing certificates that use the SHA-256 hashing algorithm into their systems should contact SK's help desk for further assistance. If necessary, it is also possible to tailor certificates using the SHA-1 hashing algorithm with a validity period up to December 31st 2016.

SK no longer issues organisation certificates using the SHA-1 hashing algorithm with a validity of three years.

The change is due to the expected decrease in the security of the currently used SHA-1 algorithm over the next few years. The study (in Estonian) about the area of use and life cycles of cryptographic algorithms is available here.

Similar changes are also scheduled for personal certificates. By the autumn of 2014, Digi-ID will be the first to receive certificates using the SHA-256 hashing algorithm. Next in the schedule is Mobile-ID by the beginning of 2015, and then finally the ID-card certificates will use the SHA-256 hashing algorithm. More detailed information will be published on an ongoing basis.

The SHA-1 hashing algorithm has been in use by certification authorities since the late 1990s. Over 98% of the digital certificates currently in use rely on the SHA-1 hashing algorithm. Recent studies on cryptography have forced certification service providers to switch over to the newer SHA-256 hashing algorithm.

Microsoft has announced that the Windows operating system will no longer support the SHA-1 hashing algorithm in certificates from January 1st 2017 (the exact schedule is to be reviewed in July 2015).