Title
Cryptographic Algorithms Profile
Description
The Cryptographic Algorithms Profile specifies the use of public standards for cryptographic algorithm interoperability to protect IT systems.

Reference document

Org
FMN
Pubnum
Date
2022-12-02
Version
Title
Proposed FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CANDIDATE

Guidance

The following algorithms and parameters are to be used to support specific functions

  • Root CA Certificates

  • Digest Algorithm SHA-256 or SHA-384 (Root CA certificates, which were signed using SHA-1 before 1 January 2016, may be used until 1 January 2025)

  • RSA modulus size (bits) 3072 or 4096

  • ECC Curve NIST P-256 or P-384

  • Subordinate CA Certificates

  • Digest Algorithm SHA-256 or SHA-384

  • RSA modulus size (bits) 2048, 3072 or 4096

  • ECC Curve NIST P-256 or P-384

  • Subscriber Certificates

  • Digest Algorithm SHA-256 or SHA-384

  • RSA modulus size (bits) 2048, 3072 or 4096

  • ECC Curve NIST P-256 or P-384

For further guidance on the implementation the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2 shall also be considered.

Even more guidance

  • A digital certificate service provider shall choose which combination of algorithm and keylength chain to build. The service portfolio may contain several parallel solutions.
  • You shall not mix key-algorithms in one CA/sub-CA chain.
  • A digital certificate service consumer shall support the full spectrum of possible combinations in algorithm and keylength.
  • During a mission instantiation, the service designer shall verify service consumer capabilities with regard to supported algorithms.

Status

URI

History

Flag Date RFC Version
added 2023-01-23 14-32 15
UUID
95047a32-4910-4c7f-b383-5d9b6374f7ff

Utilization

This profile is used by the following profiles: