Code Signing and introduction of new key length.
Dear Sir or Madam,
Please be advised that due to the change in CA/B Forum regulations and to ensure the highest level of security in the use of Certum Code Signing certificates, the following products will be available from May 24, 2021:
- Open Source Code Signing (card, activation code, and cloud),
- Code Signing Standard (card, activation code, and cloud),
- Code Signing on EV (card, activation code, and cloud),
will not be able to be generated on keys shorter than 3072 RSA bits (including 2064).
With the introduction of longer keys, certificates will provide the required level of security and more effective encryption. The changes are a direct result of the following regulations:
Due to the above change, Certum is introducing for all Code Signing the possibility to generate keys with the following lengths:
- 3072 bit RSA
- 4096 bit RSA
What do we offer to you as a result of the change in regulation?
Keys with lengths of 3072 and 4096 can only be generated on the new cryptographic cards 3.5. Thismeans that after May 24, 2021 it will not be possible to generate the issuance and renewal of a certificate on a 3.2 card. Therefore, new cryptographic cards 3.5 have been introduced to the current Code Signing sets in the Certum e-store, which will support the new key length.
At the same time, we would like to inform you that as of May 24, 2021, cryptographic 3.2 cards will be withdrawn from sale and will not be available for purchase due to the inability to generate keys longer than 2064.
Please review potential questions to optimize your renewal process:
I have a 3.2 card and want to renew my certificate?
Until May 23, 2021, there will be an opportunity to renew a certificate on the 3.2 card. All certificatesrenewed on the 3.2 card before that date will be valid for the life of the certificate, but the maximum key length they can handle is 2064.
Therefore, we recommend that you renew your certificate on the 3.5 card.
As of May 24, 2021, you will no longer be able to renew your certificate on the 3.2 card. You must renew your certificate on the new 3.5 card, available at the following link: https://shop.certum.eu/cryptographic-card-cryptocertum-3-5.html Certum’s recommendation: We recommend buying a new set. If you have any questions, please contact our complaints department: firstname.lastname@example.org.
Read more: https://shop.certum.eu/returns-refunds
I own a 3.2 card and want to do a reissue?
All Code Signing certificates after May 24, 2021 will be generated on keys with a minimum length of 3072, so the reissue process will only be possible on Card 3.5.
By May 23, 2021 – the reissue process will be done on the old 3.2 card.
As of May 24, 2021 – reissue will require a new 3.5 card that is compatible with 3072 keys.