Transition to ECC for Infrastructure Certificates

The changes will be introduced on the night from November 27 to November 28, 2025 at 00:00

Starting from November 27, 2025, only the ECC (Elliptic-Curve Cryptography) key standard will be used in infrastructure certificates issued by LVRTC.

The transition to the ECC algorithm began in 2024, with the gradual implementation of ECC keys across various LVRTC services that had previously used the RSA algorithm. This marks the final phase of the transition, during which the ECC algorithm will also be fully adopted for infrastructure certificates.

These changes will apply to the following certificates:

  • Advanced electronic seal certificates in client devices;
  • Infrastructure certificates, including:
    • Timestamp request certificates;
    • Authentication certificates for information systems.

Currently, these certificates are issued using the RSA algorithm. The transition to ECC algorithm is necessary to ensure a higher level of security and, due to the shorter key length, to improve performance in certificate issuance, document signing, and sealing.

What You Need to Know

From May 7, 2025, ECC-based certificate solution is available for testing in the eParaksts test environment.

Until November 26, 2025, certificates with the RSA algorithm will still be issued in the production environment. Starting from November 27, 2025, only certificates based on the ECC algorithm will be issued.

Previously issued certificates using the RSA algorithm will remain valid until their expiration date.

We encourage you to ensure that your systems are capable of recognizing and processing ECC-based certificates, and to plan any necessary adjustments in a timely manner to fully adopt the ECC algorithm.

Test environment

If you don't have eParaksts test environment yet, don't hesistate to apply for it! Test environment provides the opportunity to perform secure functional and non-functional testing of eParaksts and e-Identity services without affecting the production environment. In the test environment, all trust services provided by LVRTC can be tested.

The test environment is available free of charge. The eParaksts smart cards for the test environment are produced by LVRTC (price 14.23 EUR excluding VAT), while the Citizenship and Migration Affairs Office (email: [email protected]) provides eID cards for testing purposes.

More information can be found at eparaksts.lv.