Thousands of IDs to become invalid

Hanneli Rudi
Please note that the article is more than five years old and belongs to our archive. We do not update the content of the archives, so it may be necessary to consult newer sources.
Photo: Arvo Meeks / Lõuna-Eesti Postimees

Thousands of mobile-IDs and digital identification cards will be deemed invalid in April, following a decision to switch to more secure document certificates.

April will mark the end of several years of preparations for the end of the life cycle of 1,024-bit RSA algorithm-based document certificates and the adoption of keys sporting a stronger level of encryption, the Police and Border Guard Board (PPA) reports.

There are currently around 12,000 mobile IDs and 3,000 ID-cards using the old certificates in circulation the invalidation of which will be the final stage in the transition to the new keys.

For mobile-ID, the change concerns users who ordered mobile-ID-enabled SIM cards before 2015 and applied for certificates in 2014. These SIM cards use 1,024-bit RSA keys.

Clients can turn to their mobile service providers and order a new, more secure mobile-ID SIM card that supports new certificates valid for a period of five years. Clients will not have to pay the state fee for using the mobile-ID service for a second time. Cell phone operators will notify all clients who have to exchange their SIM cards via short messages.

April 1 will also mark the invalidity of around 3,000 ID-cards that have been issued before December 1, 2014. The PPA will send notifications to card-holders whose current email address is in the agency's database.

The redeem their new digital document, people will have to turn to the nearest PPA service center where they can choose whether to receive a free replacement card or apply for a new one with a three-year validity period for which a state fee will have to be paid.

SIM and ID-cards need to be replaced to complete the switch to more secure 2,048-bit keys.