my blog via RSS
|
I gave a presentation at the European Forum on Electronic Signature and PKI 2011 with the title: Managing SHA-2 migration - Replacing foundations of a PKI. Slides are available here.
The set of cryptographic algorithms usable for creating electronic signatures is going to change. 1024-bit-RSA and SHA-1 are being phased out in favor of 2048-bit-RSA and SHA-2 (SHA-256 in particular). I spoke about how we prepared at Microsec our certificate authority and signature creation application for this change so that it would mean as little trouble for end-users as possible.
I was not aware of any similar paper/presentation/checklist when we started working on this project, but it would have helped a lot. I hope my presentation shall be of help for others who will face similar problems in the future.