
Guidelines on cryptographic algorithms usage and key management EPC342-08 / Version 9.0 / Produced by PSSG / Date issued: 9 March 2020 This document defines guidelines on cryptographic algorithms usage and key management. © 2020 Copyright European Payments Council (EPC) AISBL: This document is public and may be copied or otherwise distributed provided attribution is made and the text www.epc-cep.eu is not used directly as a source of profit 1 / 72 Guidelines Cryptographic algorithms usage and key management EPC342-08 2020 Version 9.0 Date issued: 9 March 2020 Table of Contents Executive Summary .................................................................................................................... 6 1 Introduction ......................................................................................................................... 8 1.1 Scope of the document .............................................................................................................. 8 1.2 Document structure ................................................................................................................... 8 1.3 Recommendations ..................................................................................................................... 9 1.4 Implementation best practices ................................................................................................ 12 2 Algorithm Taxonomy ......................................................................................................... 14 2.1 Technical Characteristics .......................................................................................................... 14 2.1.1 Primitives........................................................................................................................ 14 2.1.2 Elementary Constructions .............................................................................................. 16 2.2 Typical Usage............................................................................................................................ 17 2.2.1 Confidentiality Protection .............................................................................................. 18 2.2.2 Data Confidentiality ....................................................................................................... 18 2.2.3 Integrity Protection ........................................................................................................ 19 2.3 Standardisation ........................................................................................................................ 19 3 Algorithm Related Design Issues ........................................................................................ 21 3.1 Primitives.................................................................................................................................. 21 3.1.1 Unkeyed ......................................................................................................................... 21 3.1.2 Symmetric Key ............................................................................................................... 22 3.1.3 Asymmetric key .............................................................................................................. 23 3.1.4 Security levels ................................................................................................................ 28 3.1.5 Quantum computing considerations ............................................................................. 30 3.1.6 ISO Recommendation for Financial Services ................................................................. 32 3.2 Constructions ........................................................................................................................... 33 3.2.1 Symmetric Key Encryption ............................................................................................. 33 www.epc-cep.eu 2 / 72 Guidelines on cryptographic algorithms usage and key management EPC342-08 / 2020 Version 9.0 3.2.2 Asymmetric Encryption .................................................................................................. 35 3.2.3 Hybrid Encryption .......................................................................................................... 35 3.2.4 MACs .............................................................................................................................. 35 3.2.5 Digital Signatures ........................................................................................................... 36 3.2.6 Authenticated Encryption .............................................................................................. 38 3.2.7 Distributed ledger technologies ..................................................................................... 38 3.3 Domain of Application ............................................................................................................. 41 3.4 Implementation and interoperability issues ............................................................................ 41 3.4.1 Security protocols .......................................................................................................... 41 3.4.2 Data formatting issues ................................................................................................... 43 3.4.3 Implementation rules..................................................................................................... 43 3.4.4 Key management impact on interoperability ................................................................ 44 3.4.5 Implementation quality and side-channel attacks ........................................................ 44 3.4.6 Algorithm OIDs ............................................................................................................... 45 4 Key Management Issues ..................................................................................................... 46 4.1 Symmetric algorithms .............................................................................................................. 46 4.1.1 Key generation and derivation ....................................................................................... 46 4.1.2 Key backup and storage ................................................................................................. 47 4.1.3 Key distribution .............................................................................................................. 48 4.1.4 Key installation ............................................................................................................... 48 4.1.5 Key usage and key separation ........................................................................................ 49 4.1.6 Key deletion ................................................................................................................... 50 4.1.7 Key cryptoperiod ............................................................................................................ 50 4.2 Asymmetric algorithms ............................................................................................................ 50 4.2.1 Key generation ............................................................................................................... 51 4.2.2 Example of a hybrid key architecture ............................................................................ 51 4.2.3 Key backup and storage ................................................................................................. 52 4.2.4 Key distribution .............................................................................................................. 53 4.2.5 Key agreement and forward secrecy ............................................................................. 54 4.2.6 Public Key installation .................................................................................................... 54 4.2.7 Certificate revocation and expiry ................................................................................... 54 4.2.8 Key usage and key separation ........................................................................................ 55 4.2.9 Key deletion and archiving ............................................................................................. 55 4.2.10 Key crypto period ........................................................................................................ 55 www.epc-cep.eu 3 / 72 Guidelines on cryptographic algorithms usage and key management EPC342-08 / 2020 Version 9.0 4.3 Key recovery and key escrow ................................................................................................... 56 5 Random Numbers .............................................................................................................. 57 6 ANNEX I: Terminology ........................................................................................................ 58 7 ANNEX II: Bibliography ....................................................................................................... 62 List of figures Figure 1: A technical taxonomy of cryptographic primitives and mechanisms ................................. 14 Figure 2: Example of key hierarchy for symmetric keys .................................................................... 46 Figure 3: A hybrid key hierarchy with asymmetric and symmetric keys (for data confidentiality) .. 52 List of tables Table 1: Recommendations ..............................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages72 Page
-
File Size-