Annexure A – Business Layer Security – End-to-End Encryption


Last updated 3 years ago


| Cryptographic primitives | Minimum Implementation Standards |
| --- | --- |
| Key Exchange Algorithm | Elliptic Curve Diffie-Hellman (ECDH) [1] |
| Elliptic Curve Group | Curve25519 [2] |
| Message Hash function | SHA-256, HMAC-SHA256 [FIPS PUB 180-4] [3] |
| Generating the shared session key for encryption | SHA-256 [4], HKDF [5] |
| Encryption Algorithm | AES-128-GCM [6] |
| Generation of Random Number | Randomness Requirements for Security [RFC 4086] [7] |

[1] https://tools.ietf.org/html/rfc8418
[2] https://ianix.com/pub/curve25519-deployment.html
[3] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
[4] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
[5] https://tools.ietf.org/html/rfc5869
[6] https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
[7] https://tools.ietf.org/html/rfc4086
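
The primitives in the table above, composed into one encrypt/decrypt round trip with Node.js's built-in `crypto` module. This is an added example, not code from the standard or its reference implementations. The HKDF salt and info values, the 96-bit IV, the `iv || tag || ciphertext` framing, and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Ephemeral Curve25519 (X25519) key pair, generated from the system CSPRNG.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// ECDH shared secret -> HKDF-SHA256 -> 16-byte AES-128 session key.
// salt and info are assumptions; the table does not specify them.
function deriveSessionKey(ownPrivate, peerPublic, salt, info) {
  const shared = nodeCrypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, info, 16));
}

// AES-128-GCM with a fresh random 96-bit IV per message.
// Assumed framing: iv (12 bytes) || tag (16 bytes) || ciphertext.
function encrypt(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Throws if the tag does not verify (modified ciphertext, AAD, or wrong key).
function decrypt(key, message, aad) {
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, message.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(message.subarray(12, 28));
  return Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]);
}

// Round trip between two parties, then a one-bit tamper check. All inputs are constructed.
function roundTrip() {
  const sender = newKeyPair();
  const receiver = newKeyPair();
  const salt = nodeCrypto.randomBytes(32);          // constructed; sent in the clear
  const info = Buffer.from('example-session');      // constructed context label
  const kS = deriveSessionKey(sender.privateKey, receiver.publicKey, salt, info);
  const kR = deriveSessionKey(receiver.privateKey, sender.publicKey, salt, info);
  const aad = Buffer.from('txn-0001');              // constructed associated data
  const msg = encrypt(kS, Buffer.from('{"balance":"constructed"}'), aad);
  const plain = decrypt(kR, msg, aad).toString();
  msg[msg.length - 1] ^= 1;                         // flip one ciphertext bit
  let tamperRejected = false;
  try { decrypt(kR, msg, aad); } catch { tamperRejected = true; }
  return { keysMatch: kS.equals(kR), keyLength: kS.length, plain, tamperRejected };
}
```

Both sides derive the same key only when they use identical salt and info values, and a GCM IV must never repeat under the same session key.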