Thursday, November 28th, 2019

Obscurity Removed from Swedish BankID

The Swedish BankID is a digital authentication and signature framework that has become a huge success. In a previous post I complained about an obscurity in the Swedish BankID. I am happy to report that the obscurity has now been removed.

The Swedish BankID is run by Finansiell ID-Teknik, a joint venture by Swedish banks. It establishes what is conventionally called a PKI, a Public Key Infrastructure. My complaint was that the public key of Finansiell ID-Teknik was not public. That fact prevented ordinary citizens from validating signatures made with BankID.

The eIDAS European Regulation issued in 2014 contains explicit validation requirements. Even though the Regulation is heavily biased towards relying parties and not signatories, I suppose Finansiell ID-Teknik could read the signs in the sky and decided they could no longer withhold their public key. It is now available on request.

Note: The eIDAS Regulation was enacted as Swedish law in 2016.
