T 2.79 Ineffectual regeneration of digital signatures during archiving

The algorithms and key lengths used for digital signatures must be adapted to the current state of the art at regular intervals so that their protective effect is guaranteed (see T 4.47 Obsolescence of cryptographic procedures). This means that the cryptographic keys used and the related certificates are only reliably valid for a limited period of time. When compared to the archiving period aimed at, these periods are relatively short. In order to maintain the validity of digital signatures, the electronic signature of every single document must be regenerated in due time.

Regularly regenerating the signature of archived documents may be connected to the following security problems, amongst other things:

• If documents characterised by a previously invalid or missing electronic signature are incorrectly provided with a valid new signature, these documents may be deemed authentic thereafter.

• It could happen that documents are omitted during signature regeneration operations, i.e. these documents are not provided with a new valid signature, although they had a valid signature beforehand. In this way, it may be the case that the authenticity and/or integrity of the corresponding documents can no longer be verified if no alternative verification using different features is possible.

• At the time the document is provided with a new signature, the underlying cryptographic procedure may have already been compromised or the initial signature key may have been disclosed (e.g. determined by massive computing efforts). In this way, unauthorised persons may generate documents and provide these documents with a technically valid signature, possibly also with any time signatures (time stamp). If these documents can be integrated into the process of signature regeneration, these documents are incorrectly deemed authentic.