Security Standards

Annexure A – Business Layer Security – End-to-End Encryption

Cryptographic primitives

Minimum Implementation Standards

Key Exchange Algorithm

Elliptic Curve Diffie-Hellman (ECDH) [1]

Elliptic Curve Group

Curve25519 [2]

Message Hash function

SHA-256, HMAC-SHA256 [FIPS PUB 180-4] [3]

Generating the shared session key for encryption

SHA-256 [4], HKDF [5]

Encryption Algorithm

AES-128-GCM [6]

Generation of Random Number

Randomness Requirements for Security [RFC 4086] [7]

[1] https://tools.ietf.org/html/rfc8418 [2] https://ianix.com/pub/curve25519-deployment.html [3] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf [4] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf [5] https://tools.ietf.org/html/rfc5869 [6] https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf [7] https://tools.ietf.org/html/rfc4086

PreviousAPI Design Strategy Best Practices NextAnnexure B – Application Layer Security – JWS Signature

Last updated 3 years ago