Your Peace of Mind is our Commitment

Contact Us English Recent Articles

The Hongkong Post eCert and the State of Digital Signatures in Hong Kong

First published: 31st May 2009

Allan Dyer

Hong Kong's Electronic Transaction Ordinance (ETO) was enacted on 5th January 2000. It mainly aims to promote and facilitate the development of e-business in Hong Kong by providing the same legal recognition for electronic records and digital signatures as their paper-based counterparts, and establishes a voluntary framework for recognition of certification authorities (CAs) operating in Hong Kong.

However, in the nine years since the ETO was passed, digital signatures, and, in particular, digital signatures backed by recognised CAs, have not become widely-used in Hong Kong. They are not even widely used among IT professionals. Why not?

There is no simple answer, but part of the problem is that information on how to use the services is too fragmented, and, in some cases, even support hotlines are giving incomplete or incorrect information. Recently, I renewed my Hongkong Post e-Cert and the information below was gathered through phone and email exchanges with E-Mice Solutions (HK) Limited (the Operator of Hongkong Post e-Cert services), and the two service providers for the Government import/export declaration system: Global e-Trading Services Limited (Ge-TS) and Tradelink Electronic Commerce Limited.

e-Cert Storage Options

E-Mice Solutions wrote, "Currently, our practice is to issue e-Cert to the applicant in the storage medium of either floppy disc or File Card. Additionally, applicant may choose to have a copy of e-Cert loaded into his HKID card. We believe that this practice can provide the subscribers, who come from the general public, with the flexibility of deploying the e-Cert according to their own needs. This also allows subscribers restoring their e-Cert from floppy disc or File Card when needed, addressing the danger of losing the private key holding in a single media."

"If an applicant wishes to request for the e-Cert to be delivered on his HKID card alone, he may raise such request through a signed e-mail or a signed instruction on the paper application form."

Thus, there are three options for storing an e-Cert:

 HKID cardFile CardFloppy Disc
Hardware StandardISO 7816ISO 7816FAT
DriverPC/SCPC/SCfloppy
Public-Key Cryptography Standard (PKCS)PKCS#11PKCS#12PKCS#12
Softwaree-Cert Control Managere-Cert File Card Utility ProgramNo additional software required
PIN length8 numeric digits16 numeric digits16 numeric digits
PIN lockoutPermanent on more than 5 consecutive incorrect PIN triesnonenone
Private key can be exported?NoYesYes

The same card reader can be used with the HKID card and the File Card, though different software is needed.

The different storage methods have their own advantages and disadvantages:

Import / Export Declarations

Two companies provide Import / Export Declaration services: Global e-Trading Services Limited and Tradelink Electronic Commerce Limited.

Although the e-Cert and the ID-Cert follow the same technical standards, and the organisation that is ultimately accepting the declarations (the Hong Kong Government) is the same, the two service providers have apparently decided not to accept each other's certificates. Although this makes competitive sense in the short term, it hampers the development and uptake of e-commerce applications in Hong Kong.

Recommendations

Ultimately, by reducing the costly handling of paper, e-business provides the biggest benefit for the government. In order to realise this benefit, the government needs to maximise the convenience of the users. Allowing users to access different applications with the same certificate and the same signing method would be convenient.


More Information

Related Articles

Slashdot   Slashdot It! | Share