14. Cryptographic Algorithms¶
This section lists cryptographic algorithms used in the IT Wallet ecosystem. Algorithm identifiers are primarily expressed as JOSE alg values; when COSE is used, the corresponding COSE algorithms are explicitly marked (e.g., ESP256 vs ES256).
The following algorithms MUST be supported:
Algorithm `alg` parameter value |
Description |
Operations |
References |
|---|---|---|---|
ES256 |
Elliptic Curve Digital Signature Algorithm (ECDSA) using P-256 and SHA-256. |
Signature |
|
ES384 |
ECDSA using P-384 and SHA-384. |
Signature |
|
ES512 |
ECDSA using P-521 and SHA-512. |
Signature |
|
ESP256 (COSE, |
ECDSA using P-256 and SHA-256. |
Signature |
|
ESP384 (COSE, |
ECDSA using P-384 and SHA-384. |
Signature |
|
ESP512 (COSE, |
ECDSA using P-521 and SHA-512. |
Signature |
|
RSA-OAEP-256 |
RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using SHA-256 hash function and the MGF1 with SHA-256 mask generation function. |
Key Encryption |
|
ECDH-ES |
Elliptic Curve Diffie-Hellman (ECDH) Ephemeral-Static key agreement. |
Key Agreement |
|
A128CBC-HS256 |
AES encryption in Cipher Block Chaining mode with 128-bit Initial Vector value, plus HMAC authentication using SHA-256 and truncating HMAC to 128 bits. |
Content Encryption |
|
A256CBC-HS512 |
AES encryption in Cipher Block Chaining mode with 256-bit Initial Vector value, plus HMAC authentication using SHA-512 and truncating HMAC to 256 bits. |
Content Encryption |
|
A128GCM |
AES encryption with Galois/Counter Mode and a key length of 128. |
Content Encryption |
|
A256GCM |
AES encryption with Galois/Counter Mode and a key length of 256. |
Content Encryption |
For Credentials issued in mdoc format, the following algorithms MUST be supported:
Algorithm |
Description |
Operations |
References |
|---|---|---|---|
ECKA-DH |
Elliptic Curve Key Agreement Algorithm – Diffie-Hellman. |
Key agreement |
BSI TR-03111. |
HKDF |
HMAC-based Key Derivation Function. |
Session key derivation |
|
AES-256-GCM |
Advanced Encryption Standard with Galois/Counter Mode and a key length of 256. |
Session encryption |
NIST SP 800-38D. |
The following algorithms are RECOMMENDED to be supported:
Algorithm `alg` parameter value |
Description |
Operations |
References |
|---|---|---|---|
PS256 |
RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA-256 hash function and MGF1 mask generation function with SHA-256. |
Signature |
|
PS384 |
RSASSA with PSS padding using SHA-384 hash function and MGF1 mask generation function with SHA-384. |
Signature |
|
PS512 |
RSASSA with PSS padding using SHA-512 hash function and MGF1 mask generation function with SHA-512. |
Signature |
|
ECDH-ES |
Elliptic Curve Diffie-Hellman (ECDH) Ephemeral Static key agreement using Concat Key Derivation Function (KDF). |
Key Encryption |
|
ECDH-ES+A128KW |
ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 128 (A128KW). |
Key Encryption |
|
ECDH-ES+A256KW |
ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 256 (A256KW). |
Key Encryption |
The following algorithms MUST NOT be supported:
Algorithm `alg` parameter value |
Description |
Operations |
References |
|---|---|---|---|
none |
Signature |
||
RSA_1_5 |
RSAES with PKCS1-v1_5 padding scheme. Use of this algorithm is generally not recommended. |
Key Encryption |
|
RSA-OAEP |
RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using default parameters. |
Key Encryption |
|
HS256 |
HMAC using SHA-256. |
Signature |
|
HS384 |
HMAC using SHA-384. |
Signature |
|
HS512 |
HMAC using SHA-512. |
Signature |