Renew keys

You can renew the keys for banks that are in the status Ready, for example, to switch from version A004 to a more current version. This function can also be used when you suspect that your keys have been compromised, i.e. have fallen into the hands of unauthorized persons.

To renew the keys, mark the relevant bank in the overview and choose Renew key from the menu More actions. Then this page appears, where you can enter the signature version and the key lengths. We recommend that you leave the default values for the key lengths as they are.

Keys can be renewed without involving your bank. Neither resetting, initializing, nor subsequent activation is required. The new keys are authenticated in accordance with EBICS using your electronic signature in conjunction with your still valid, old keys.

The EBICS order type HCS is a prerequisite for automatic key updating. You can refer to the user profile to verify whether you have authorization for these order types. For this purpose, see section Bank details - User profile - Permissions. If your bank has not assigned these to you, the above mentioned function is not available. In this case you will need to ask your bank to activate the HCS order type. You can then repeat the above steps.

Notes: Valid key lengths pursuant to the EBICS standard are:

A004 - only 1024 bits
A005 - from 1536 to 4096 bits
A006 - from 1536 to 4096 bits
Encoding key (E001 or E002) - from 1024 to 16384 bits
Authentication key (X001 or X002) - from 1024 to 16384 bits

In this case a maximum length of 4096 bits would be sufficient.

The valid key lengths are displayed in an error message if the entered length is too short or too long.

After clicking on the blue button, a dialog box appears, where you enter your password and click on Submit again.

Figure: Form for renewing the keys