Security standards and NIST compliance in Digital Access component

This article describes the compliance of the Smart ID Digital Access component to security standards and NIST-approved cryptographic algorithms. 

Security standards

• PKI – Public Key Infrastructure, see https://en.wikipedia.org/wiki/PKCS

• Javascript Object Signing and Encryption (JOSE), see https://www.iana.org/assignments/jose/jose.xhtml

• RSA2048 key size, or higher.

• RSA PKCS#1 signature with SHA-256, see https://tools.ietf.org/html/rfc8017

• AES encryption, see https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf

• X.509 certificates support, see https://tools.ietf.org/html/rfc2459

• PKCS#10 Certificate Signing Request, see https://tools.ietf.org/html/rfc2986  

• PKCS#12 archive file format bundling private keys with X.509 Certificates, see https://tools.ietf.org/html/rfc7292