In late 2020, Bacs will be removing SHA1 compatibility, enforcing users to sign/submit with SHA2 certificates. In preparation, PTX / HSBC-IP has already been updated to become SHA2 compliant.
What do I need to do?
You will need to check version of the Gemalto software you have installed and confirm with your sponsoring bank it is SHA2 compliant. If it is not, your bank (whom distribute/support this software) will need to provide you with a copy of the latest version for installation.
How to check your Gemalto version.
- Launch the Gemalto Classic Client Toolbox. (found under Start and searching for “Classic Client").
- Navigate to the Diagnostic/Help menu from the bottom-left of the toolbox. and select the Diagnostic Tool.
- On the right-hand side, locate the eSigner directory, where the version number is located. and expand this section
- Expand 'Product' and click on 'Product version'
- The version will be visible within the lower portion of this screen.
How to check if the smartcard certificate is SHA2
- Launch the Gemalto Classic Client Toolbox. (found under Start and searching for “Classic Client").
- Under 'Card Contents' select 'Certificates'
- Enter the card’s PIN in the top right hand corner.
- Once logged in, highlight 'Identity Cert' and select 'Show Details'.
- In the Certificates Window select 'Details' and look for 'Signature hash algorithm':
- If it states sha256 then this Certificate is a SHA2 card.
- If it says anything else please contact your sponsoring bank to obtain a compatible card