MINIMUM CONDITIONS FOR ISSUING AND STORING KEY PAIRS AND SIGNATURE VERIFICATION AND ENCRYPTION CERTIFICATES
The following are the minimum conditions for issuing and storing key pairs and signature verification and encryption certificates that must be met by a provider of certification services to be certified by the Conseil du trésor pursuant to section 83:
(1) the reliability of the data constituting the applications for registration and documents presented to the Land Registry Office shall be ensured by using an asymmetric cryptographic system;
(2) the asymmetric cryptographic system used shall also include a hash function by means of which the Land Registry Office can verify the integrity and completeness of the data it receives;
(3) the asymmetric cryptographic system used shall provide for the issue of a signing key pair by means of which the applications for registration and documents presented are signed and their source identified and shall also provide for the issue of an encryption key pair to protect the confidentiality of the applications and documents; such confidentiality is ensured by encrypting the data by means of a randomly variable secret key generated by a symmetric cryptographic system; that key must itself be encrypted with the public key that forms part of the encryption key pair of the Land Registry Office, which shall be able to decrypt the transmitted data with its private key;
(4) each signing key and encryption key pair issued shall consist of a unique and indissociable pair of keys, one public and the other private, that are linked mathematically; each public key shall be referred to in a certificate, issued by the provider of certification services, which serves to bind the key to the key pair holder;
(5) the signature verification certificate and encryption certificate issued shall be on a computer system and shall include the following information:
— the distinguishing name of their holder which consists of his name combined with a unique code;
— the name of the provider of certification services and its signature;
— the signature verification public key or the encryption public key, as the case may be, together with the certificate serial number, version, issue date and expiry date; and
— the name of the issuer, the characteristics of the algorithm and the resulting hash code used in delivering the certificate;
(6) the encryption certificates shall be entered in an electronic directory and kept up-to-date by the issuing provider of certification services; the directory shall include the serial numbers of the signature verification certificates and encryption certificates that have been suspended, revoked, withdrawn or deleted; and
(7) the provider of certification services shall comply with the following recommendations or standards or their equivalents:
— International Telecommunication Union (ITU) Recommendation X.500 (11/93), in general, adopted as an international standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the general designation of ISO/IEC 9594: 1995, for the management of the directory containing the information relating to the certificates and public keys that form an integral part of key pairs;
— ITU Recommendation X.509 (11/93), in particular, adopted as an international standard by ISO and IEC under the designation ISO/IEC 9594-8: 1995 Information Technology-Open Systems Interconnection (OSI) - The Directory: Authentication framework, for the issue and storage of key pairs and signature verification and encryption certificates; and
— the United States government National Institute of Standards and Technology (NIST) Standard FIPS 140-1 for the DES, DSA and SHA-1 algorithms used in cryptography.
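The exchange that items (2) and (3) describe, as an added example that is not part of the regulation or of any Land Registry Office software: the applicant hashes and signs the document with the signing private key, encrypts the document under a freshly generated random symmetric key, and wraps that key to the Office's encryption public key; the Office unwraps the key with its encryption private key, decrypts, and verifies the signature with the applicant's signature verification public key. The regulation's standards list names DES, DSA and SHA-1 (FIPS 140-1 era); the example substitutes AES-256-GCM, RSA-OAEP, RSA-PSS and SHA-256, since DES and SHA-1 are no longer acceptable for new systems. The `Envelope` layout, the function names and the sample document are assumptions made for this illustration, and certificate handling (binding the verification key to its holder per items (4) to (6) and checking the directory for a suspended or revoked serial number) is left out: the verification public key is passed in directly.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is a constructed wire format for one submission (not the registry's own):
// the document encrypted under a fresh symmetric key, that key wrapped to the
// registry's encryption public key, and the applicant's signature over the document.
type Envelope struct {
	Ciphertext []byte // AES-256-GCM of the document; the signature is bound as associated data
	Nonce      []byte // GCM nonce, fresh per message (the key is also fresh per message)
	WrappedKey []byte // the AES key, RSA-OAEP encrypted to the registry's encryption public key
	Signature  []byte // RSA-PSS over SHA-256(document), made with the applicant's signing key
}

// Seal is the applicant's side: hash and sign, encrypt under a random symmetric key,
// then encrypt that key with the registry's encryption public key (item (3)).
func Seal(doc []byte, signingKey *rsa.PrivateKey, registryEncPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(doc) // the hash function of item (2)
	sig, err := rsa.SignPSS(rand.Reader, signingKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	symKey := make([]byte, 32) // the "randomly variable secret key" of item (3)
	if _, err := io.ReadFull(rand.Reader, symKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, doc, sig) // signature as AAD: altering it breaks decryption
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, registryEncPub, symKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Nonce: nonce, WrappedKey: wrapped, Signature: sig}, nil
}

// Open is the registry's side: unwrap the symmetric key with the registry's private
// key, decrypt, then verify the signature with the applicant's verification public key.
func Open(env *Envelope, registryEncPriv *rsa.PrivateKey, applicantVerifyPub *rsa.PublicKey) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, registryEncPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap symmetric key: %w", err)
	}
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	doc, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.Signature)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err) // tampered ciphertext, nonce or signature
	}
	digest := sha256.Sum256(doc)
	if err := rsa.VerifyPSS(applicantVerifyPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature: %w", err) // wrong signer or altered document
	}
	return doc, nil
}

// RoundTrip generates both key pairs, seals doc, opens it, and also opens a copy with
// one ciphertext byte flipped; it reports the recovered document and whether the
// tampered copy was rejected.
func RoundTrip(doc []byte) (recovered []byte, tamperRejected bool, err error) {
	signingKey, err := rsa.GenerateKey(rand.Reader, 2048) // applicant's signing key pair
	if err != nil {
		return nil, false, err
	}
	registryKey, err := rsa.GenerateKey(rand.Reader, 2048) // registry's encryption key pair
	if err != nil {
		return nil, false, err
	}
	env, err := Seal(doc, signingKey, &registryKey.PublicKey)
	if err != nil {
		return nil, false, err
	}
	recovered, err = Open(env, registryKey, &signingKey.PublicKey)
	if err != nil {
		return nil, false, err
	}
	bad := *env
	bad.Ciphertext = append([]byte(nil), env.Ciphertext...)
	bad.Ciphertext[0] ^= 0x01
	_, terr := Open(&bad, registryKey, &signingKey.PublicKey)
	return recovered, terr != nil, nil
}

func main() {
	doc := []byte("constructed sample: application for registration") // constructed input
	got, rejected, err := RoundTrip(doc)
	fmt.Printf("recovered=%q tamperRejected=%v err=%v\n", got, rejected, err)
}
```

Signing before encrypting means the signature is computed over the plaintext, which is what lets the Office identify the source after decryption; binding the signature into the GCM associated data ensures that an envelope whose signature was swapped fails at decryption rather than later.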