Renew keys

Bank connections in subscriber status Ready are displayed on the details page with information on your EBICS keys for signature, encryption and authentication, see tab Bank, area Subscriber status. The values themselves are not displayed.

You can renew your EBICS keys to adjust them to current security requirements. It is advisable to renew your keys as a precaution if you suspect that they have been compromised, for example by a hacker attack on the BL Banking Web server. It is not necessary for the bank to reset the subscriber in order to renew the keys.

Open the page Renew keys from the menu More actions or from the bank details using the button Renew keys. You can change the signature version and the key lengths of all three EBICS keys. The version of the encryption and authentication key cannot be changed by the subscriber. The start date of validity is set automatically in EBICS 3.0 and cannot be changed. The fields are preset with the last saved values. Select the signature version from the drop-down list, enter the key lengths directly or change the value by clicking on the arrows at the end of the field. Confirm the change by clicking on the button Renew keys and entering your password. The old keys are still valid at that moment and legitimize the new ones.

Valid key lengths pursuant to the EBICS standard are:

More length means stronger encryption, but the computing effort also increases. A length of 4096 bits is considered sufficient.

Notes: On the tab Bank, the stored hash values of the public EBICS keys E002 and X002 are displayed in plain text. These are not affected by the renewal of the keys, see Update bank keys.
The key renewal is carried out by the technical send order type HCS, which is available to every user by default. You can see this order type in your user profile on the tab Permissions whether this order type is assigned to your subscriber. If not, contact the bank.

Figure: Renewing the keys