Translation and Commentary by Christopher Kuner
Translation copyright 1996 Christopher Kuner. Reproduction is permitted, provided that this translator's note, including the above copyright notice, is retained in its entirety.
Commentary: This translation is of a semi-final version of the Ordinance, which is expected to be approved by the German cabinet in late 1996 or early 1997 and to be enacted into law in the spring of 1997. While some minor changes may be made following comments from the German public and German industry, the text translated here is likely to reflect the final law very closely. The Ordinance is to be enacted under § 15 of the Digital Signature Law, and deals mainly with technical requirements for the use of digital signatures, licensing procedures, and the like.
On the basis of § 15 nos. 1 through 7 of the Digital Signature Law (SigG) in the version of [ ], the Federal Government adopts the following Legal Ordinance:
Procedure for the Granting, Transfer, and Revocation of Licenses
(1) A license for the operation of a certifier under § 4 para. 1 of the Digital Signature Law shall be applied for in writing to the Authority.
(2) The Authority shall make the necessary determinations to check the requirements for the granting of a license. It can require from the applicant the production of the necessary documents, in particular, a current extract from the commercial register and a current police certificate. In order to demonstrate the necessary expert knowledge, the applicant shall demonstrate that the intended personnel possess the necessary professional qualifications.
(3) Before rejecting or revoking a license, the Authority shall grant the applicant a hearing and give him opportunity to eliminate the grounds for such rejection or revocation.
The circumstances giving rise to fees and the amount of fees are determined according to the appendix. Expenses are included in the fees.
Identification upon Application for a Signature Key Certificate
(1) The certifier shall identify an applicant under § 5 para. 1, sentence 1 of the Digital Signature Law based on a federal identity card or a passport, or by other appropriate means.
(2) If information concerning a third party is to be included in a signature key certificate or an associated certificate under § 5, para. 2 of the Digital Signature Law, a certified, written application of such third party shall be presented. The application of a legal person shall be signed by a natural person who is so authorized in a public registry and has power of representation, and shall be combined with a certified extract from the register or with a notarial certification of representation.
Instruction of the Applicant
The certifier shall instruct the applicant within § 6, sentences 1 and 3 of the Digital Signature Law, in particular concerning the following measures which are necessary to guarantee the security of digital signatures:
1. The private signature key is to be kept under personal control. Upon loss, the signature key certificate is to be immediately blocked. If the certificate has expired or the signature key is no longer required for some other reason, then the key is to be rendered unusable.
2. Personal identity numbers or passwords used for identification with respect to the holder of data concerning the key are to be kept confidential. A change is to be made immediately upon disclosure or the suspicion of disclosure of identification data.
3. Technical components are to be used for the creation and checking of digital signatures, and for the representation of data to be signed or of signed data to be checked, which meet the requirements under § 13, paras. 1 and 2 of the Digital Signature Law, and the security of which has been verified under § 13, para. 4 of the Digital Signature Law. They shall be protected from unauthorized access.
4. Insofar as a point in time may be important for the evidentiary value of signed data, a time stamp is to be affixed as needed.
5. If data are needed in signed form for longer than five years, then a further digital signature is to be affixed.
6. When checking signatures, it shall be determined at a person's own discretion whether the particular signature key certificate was valid at the time the signature was created. In addition, it shall be checked whether the signature key certificate contains restrictions under § 7, no. 7 of the Digital Signature Law and whether the data contain a time stamp as necessary.
Creation and Storage of Signature Keys and Identification Data
(1) If the creation of signature keys or personal identity numbers, passwords, or other data which serve to identify the signature key owner to the holder of data concerning the key is done by the signature key owner, then the certifier shall convince itself that the signature key owner used appropriate technical components under § 13 of the Digital Signature Law.
(2) If the creation and storage of signature keys or identification data under para. (1) is done by the certifier, then the certifier shall take steps to exclude the unnoticed disclosure of keys or identification data.
Delivery of Signature Keys and Identification Data
Insofar as the certifier makes signature keys or identification data under § 5 available, it shall personally deliver the private signature key and the identification data to the intended signature key owner and have such delivery confirmed in writing by such owner, unless the owner requests a different means of delivery in writing.
Validity of Signature Key Certificates
The validity period of a signature key certificate may be three years at the most. The time between the issuance and the beginning of the validity period of the certificate may be no longer than six months.
Public Registries of Signature Key Certificates
(1) The certifier shall record signature key certificates issued by it for a period of at least ten years from the beginning of their validity in a registry in accordance with the provisions of § 5, para. 1, sentence 2 of the Digital Signature Law.
(2) The Authority shall record signature key certificates issued by it for a period of at least 15 years from begin of their validity in a registry in accordance with the provisions of § 4, para. 5, sentence 3 of the Digital Signature Law. Insofar as foreign signature key certificates are recognized, this also applies to the public signature key of the highest certifier of the particular foreign country. It shall publish the number of the telecommunication connection under which the certificates are accessible in the Federal Gazette.
(3) Following expiration of the time periods mentioned in paras. (1) and (2), the certifier and the Authority shall make possible an examination of their certificates upon application in a particular case until expiration of the time period mentioned in § 13, para. 3.
Procedure for Blocking of Signature Key Certificates
(1) The certifier shall make known to signature key owners and third parties whose information is incorporated in a signature key certificate or an associated certificate, as well as to the Authority, a telephone number under which they may at any time have signature key certificates immediately blocked.
(2) It shall block a signature key certificate under the requirements of § 8 of the Digital Signature Law if an application of a signature key owner, its legal representative, or a third party with a legitimate interest is presented under para. (1) in digital form with a digital signature or in writing, or if an agreed authentication procedure was used.
(3) The blocking of signature key certificates shall be unmistakably indicated in the registry with information concerning the time, and may not be revoked.
Reliability of Personnel
The certifier shall convince itself about the reliability of persons who assist in the issuance of signature key certificates or time stamps. In particular, it may for this purpose require presentation of a police certificate. Unreliable persons may not take part in the procedure.
Protection of Technical Components
The certifier shall take measures to protect technical components and private signature keys used for the creation of signature key certificates and time stamps from unauthorized access.
(1) The security plan under § 4, para. 4 of the Digital Signature Law shall contain all security measures as well as, in particular, an overview of the technical components used and a representation of the organizational procedure of certification activity. The plan shall be immediately amended in case of any changes which affect security.
(2) The Authority shall maintain a catalogue of appropriate security measures which are to be taken into consideration when drawing up a security plan. It shall draw up a catalogue in consultation with the Federal Office for Security in Information Technology following comments by consumer organizations and industry groups, and shall publish it in the Federal Gazette.
Scope and Length of Retention for Documentation
(1) Documentation under § 9 of the Digital Signature Law shall cover the security plan (including any changes), examination reports under § 15, contractual agreements with signature key owners, and signature key certificates received from the Authority. The following shall be documented: with regard to agreements with signature key owners, a copy of the identity card presented or of another proof of identity; with regard to information concerning third parties in a certificate, the documentation necessary for them to be included; the granting of a pseudonym; proof of the required instruction; the certificate which was created, including the time of issuance and delivery, as well as an acknowledgement of delivery; and blocking of a certificate.
(2) Records kept in digital form under para. (1) shall bear a digital signature. A new digital signature shall be affixed at least every five years, which signature includes the previous signatures.
(3) Documentation shall be kept for at least 33 years and shall be secured in such a way that it is accessible during this time.
Procedure for Termination of Licensed Activity
(1) A certifier wishing to terminate its activities shall inform the Authority at least four months prior thereto.
(2) Before terminating its activities, the certifier shall inform the signature key owner of its intention to terminate its activities as a certifier at least three months earlier with regard to each certificate which is not blocked and which has not expired at the time of terminating its activities, shall instruct him regarding whether another certifier will take over this certificate, and shall name such certifier. If this is not the case, then, following expiration of the time period mentioned in para. (1), all certificates shall be blocked which were not already blocked or expired at such time. The signature key owners of certificates to be blocked shall be informed thereof.
(3) Notice to the Authority and instruction of the signature key owners shall be done in writing or in digital form with a digital signature.
Measures for the Control of Certifiers
(1) A certifier shall present its security plan and the results of the examination under § 4, para. 3, sentence 3 of the Digital Signature Law to the Authority no later than one month before the planned commencement of activities.
(2) A certifier shall cause a new examination to be conducted following any substantial changes, or at least every two years, and shall present the results thereof to the Authority.
Further Requirements for Technical Components
(1) The technical components necessary for the creation of signature keys shall be designed in such a way that, with near-absolute certainty, a key only occurs once and the private key may not be calculated from the public key which has been created. The confidentiality of the private key shall be guaranteed with respect to creation and storage, and it may not be copied or viewed. Any changes with regard to technical security shall be visible to the user.
(2) The technical components necessary for the creation and examination of digital signatures must be designed so that the private signature key may not be calculated from the signature, and so that the signature may not be falsified in any other way. The private signature key should be able to be used only after identification of the owner by possession and knowledge, and should not be revealed during use. Further characteristics, such as biometrics, may be used for identification of the signature key owner. Any changes with regard to technical security shall be visible to the user.
(3) The data to be signed for representation and the signed data to be checked, as well as the technical components necessary for use of technical components under para. (2), shall be designed in such a way that the person who is signing can sufficiently determine the creation of a digital signature and the contents of the data which the signature covers. An additional confirmation of correctness must be guaranteed with regard to the examination of signed data. The technical components necessary for the collection of identification data must be designed in such a way that identification data is not revealed and is recorded only on the storage medium with the private signature key. If technical components under sentences 1 or 2 are offered to third parties for use in the course of business, then they shall be automatically checked upon use for authenticity and for any changes relevant to technical security, and any such changes shall be visible to the user.
(4) The technical components by which signature key certificates are to be verifiably maintained under § 5, para. (1), sentence 2 must be designed in such a way that only authorized persons can make entries and changes, and that the blocking of a certificate cannot be revoked in a way which goes unnoticed.
(5) The Authority shall maintain a catalogue of appropriate measures to be taken into consideration regarding the technical components. It shall draw up a catalogue in consultation with the Federal Office for Security in Information Technology following comments by consumer organizations and industry groups, and shall publish it in the Federal Gazette.
Checking of Technical Components and
Confirmation of Fulfilment of the Requirements
(1) The necessary technical components must be checked for fulfilment of the requirements in accordance with the "Criteria for the Evaluation of the Security of Information Technology Systems" (GMBL. of August 8, 1992, p. 545 et seq.), as follows:
1. For technical components for the creation of signature keys or for storage of private signature keys or for creation and checking of digital signatures, at least examination level four, with a valuation of security mechanisms of "high";
2. For technical components for the representation of data to be signed or signed data to be checked or for the collection of identification data, at least examination level two, with a valuation of security mechanisms of at least "medium"; if they are offered to third parties for use in the course of business, then at least level four and a valuation of "high" are necessary;
3. For technical components with which signature key certificates are to be verifiably maintained under § 5, para. 1, sentence 2 of the Digital Signature Law, at least level two with a valuation of security mechanisms of "high".
(2) The Authority shall, in consultation with the Federal Office for Security in Information Technology and after checking with experts from industry and academia, evaluate the strength of mathematical processes used for the creation of signature keys and digital signatures at least every five years, and shall make the results public.
(3) Confirmation of fulfilment of the requirements for technical components under para. (1), no. 1 is limited to five years. It can be extended repeatedly up to five years, insofar as a renewed security evaluation allows this.
(4) The Authority shall publish in the Federal Gazette the recognized instances under § 13, para. 3 of the Digital Signature Law as well as the technical components which have received a confirmation from such instances, and shall notify them directly to the certifiers.
Duration of Security of Digital Signatures
If data is needed in signed form for a long time, then they should contain the date of issuance and should be re-signed with a digital signature containing a time stamp after five years at the latest. Insofar as earlier digital signatures have retained their security value, the new signature must include these.
Entry into Force
The Legal Ordinance enters into force as of [ ].
(to § 2 Digital Signature Ordinance)
Events Giving Rise to Fees and Fee Schedule
(presently being drafted)