Polymorphic decryption and pseudonyms

What is polymorphic decryption?

eHerkenning and eIDAS ensure that the personal identity at login is only visible to the service provider where a user logs in. This is done by technical encryption of this data, such as the BSN and the pseudonym derived from it.

What is the new decryption component for the unlocking of polymorphic pseudonyms?

Logius launched new component in October 2019 that provides decryption of the encrypted data, the polymorphic pseudonyms (PP). This component is called decryption or ECSDSA component. It is a new structure that provides more features and also increases security.

What changes for you?

These changes involve the decryption of polymorphic pseudonyms that are used for recognition of a user logging in: Encrypted Identity (VI), such as the encrypted BSN, and the Encrypted Pseudonym (VP).

The data structure changes and contains more fields. The signing algorithm also changes (from: EC-Schnorr, to: ECSDSA).

One of the advantages of the new structure is that in the event of, for example, a change in the organisation or the certificate used, migration is supported. You can, therefore, continue to identify previous users with the same pseudonym.

What steps do you need to take?

If you use the Signicat adapter, nothing changes. The Signicat adapter takes the decryption of polymorphic pseudonyms off your hands. We ensure that the new form of decryption is processed automatically after installation of the update. If you do not work with the Signicat adapter, you can still request one or incorporate the technical implementation into your software yourself. Instructions for installation in the software can be found on these technical specification pages.

Support

Does your question remain unanswered? You can reach our Technical Support department Monday to Friday from 09:00 to 17:30 via email <technicalsupport@signicat.com> or by calling + 31 (0)88 012 0210.