Title
Cryptographic Algorithms Profile
Description
The Cryptographic Algorithms Profile specifies the use of public standards for cryptographic algorithm interoperability to protect IT systems.

Reference document

Org
FMN
Pubnum
Date
2023-10-16
Version
Title
FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

Guidance

The following algorithms and parameters are to be used to support specific functions

  • ’’’ Root CA Certificates

  • Digest Algorithm SHA-256 or SHA-384 (Root CA certificates, which were signed using SHA-1 before 1 January 2016, may be used until 1 January 2025)

  • RSA modulus size (bits) 3072 or 4096

  • ECC Curve NIST P-256 or P-384

  • ’’’ Subordinate CA Certificates

  • Digest Algorithm SHA-256 or SHA-384

  • RSA modulus size (bits) 2048, 3072 or 4096

  • ECC Curve NIST P-256 or P-384

  • ’’’ Subscriber Certificates

  • Digest Algorithm SHA-256 or SHA-384

  • RSA modulus size (bits) 2048, 3072 or 4096

  • ECC Curve NIST P-256 or P-384

For further guidance on the implementation the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2 shall also be considered.

Even more guidance

  • A digital certificate service provider shall choose which combination of algorithm and keylength chain to build. The service portfolio may contain several parallel solutions.
  • You shall not mix key-algorithms in one CA/sub-CA chain.
  • A digital certificate service consumer shall support the full spectrum of possible combinations in algorithm and keylength.
  • During a mission instantiation, the service designer shall verify service consumer capabilities with regard to supported algorithms.

Status

URI

History

Flag Date RFC Version
added 2023-12-01 15-023 15
UUID
4cb726fa-381e-489b-b646-ff8e5626af53

Utilization

This profile is used by the following profiles: