Title
Cryptographic Algorithms Profile
Description
The Cryptographic Algorithms Profile specifies the use of public standards for cryptographic algorithm interoperability to protect IT systems.

Reference document

Org
FMN
Pubnum
Date
2021-10-22
Version
Title
FMN Spiral 4 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

Guidance

The following algorithms and parameters are to be used to support specific functions

  • Root CA Certificates

  • Digest Algorithm SHA-256 or SHA-384 (Root CA certificates, which were signed using SHA-1 before 1 January 2016, may be used until 1 January 2025)

  • RSA modulus size (bits) 3072 or 4096

  • ECC Curve NIST P-256 or P-384

  • Subordinate CA Certificates

  • Digest Algorithm SHA-256 or SHA-384

  • RSA modulus size (bits) 2048, 3072 or 4096

  • ECC Curve NIST P-256 or P-384

  • Subscriber Certificates

  • Digest Algorithm SHA-256 or SHA-384

  • RSA modulus size (bits) 2048, 3072 or 4096

  • ECC Curve NIST P-256 or P-384

For further guidance on the implementation the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2 shall also be considered.

Even more guidance

  • A digital certificate service provider shall choose which combination of algorithm and keylength chain to build. The service portfolio may contain several parallel solutions.
  • You shall not mix key-algorithms in one CA/sub-CA chain.
  • A digital certificate service consumer shall support the full spectrum of possible combinations in algorithm and keylength.
  • During a mission instantiation, the service designer shall verify service consumer capabilities with regard to supported algorithms.

Status

URI

History

Flag Date RFC Version
added 2022-12-23 14-059 15
UUID
7a677a9d-78e1-49e3-bd7a-18f9f1f6ea71

Utilization

This profile is used by the following profiles: