Cryptographic AlgorithmsΒΆ

The following algorithms MUST be supported:

Algorithm `alg` parameter value

Description

Operations

References

ES256

Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA256.

Signature

RFC 7518, [SOG-IS], [ETSI] .

ES384

Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA384.

Signature

RFC 7518, [SOG-IS], [ETSI] .

ES512

Elliptic Curve Digital Signature Algorithm (ECDSA) using one of the enabled curves listed in the section below and SHA521.

Signature

RFC 7518, [SOG-IS], [ETSI] .

RSA-OAEP-256

RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using SHA256 hash function and the MGF1 with SHA-256 mask generation function.

Key Encryption

RFC 7516, RFC 7518.

A128CBC-HS256

AES encryption in Cipher Block Chaining mode with 128-bit Initial Vector value, plus HMAC authentication using SHA-256 and truncating HMAC to 128 bits.

Content Encryption

RFC 7516, RFC 7518.

A256CBC-HS512

AES encryption in Cipher Block Chaining mode with 256-bit Initial Vector value, plus HMAC authentication using SHA-512 and truncating HMAC to 256 bits.

Content Encryption

RFC 7516, RFC 7518.

The following Elliptic Curves MUST be supported for the Elliptic Curve Digital Signature Algorithm:

Curve Family

Short Curve Name

References

Brainpool

brainpoolP256r1, brainpoolP384r1, brainpoolP512r1.

RFC 5639, [ETSI] .

NIST

P-256, P-384, P-521

[ETSI], [FIPS-186-4], [ISO/IEC 14888-3].

The following algorithms are RECOMMENDED to be supported:

Algorithm `alg` parameter value

Description

Operations

References

PS256

RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA256 hash function and MGF1 mask generation function with SHA-256.

Signature

RFC 7518, [SOG-IS].

PS384

RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA384 hash function and MGF1 mask generation function with SHA-384.

Signature

RFC 7518, [SOG-IS].

PS512

RSASSA (RSA with Signature Scheme Appendix) with PSS ( Probabilistic Signature Scheme) padding using SHA512 hash function and MGF1 mask generation function with SHA-512.

Signature

RFC 7518, [SOG-IS].

ECDH-ES

Elliptic Curve Diffie-Hellman (ECDH) Ephemeral Static key agreement using Concat Key Derivation Function (KDF).

Key Encryption

RFC 7518.

ECDH-ES+A128KW

ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 128 (A128KW).

Key Encryption

RFC 7518.

ECDH-ES+A256KW

ECDH-ES using Concat KDF and content encryption key (CEK) wrapped using AES with a key length of 256 (A256KW).

Key Encryption

RFC 7518.

The following algorithms MUST NOT be supported:

Algorithm `alg` parameter value

Description

Operations

References

none

Signature

RFC 7518.

RSA_1_5

RSAES with PKCS1-v1_5 padding scheme. Use of this algorithm is generally not recommended.

Key Encryption

RFC 7516, [Security Vulnerability], [SOG-IS].

RSA-OAEP

RSA Encryption Scheme with Optimal Asymmetric Encryption Padding (OAEP) using default parameters.

Key Encryption

RFC 7518, [SOG-IS].

HS256

HMAC using SHA256.

Signature

RFC 7518.

HS384

HMAC using SHA384.

Signature

RFC 7518.

HS512

HMAC using SHA512

Signature

RFC 7518.