Public Key Infrastructure (PKI) of ANF AC

APPROVED DEVICES


The device approval process is carried out by the ANF AC´s Engineering Department. The main objective of the process is to verify:



  1. If it complies with the norms and standards in this area.
  2. It is interoperable with applications distributed by ANF AC.



Cryptographic Components:



- Signature algorithm: SHA-256WithRSAEncryption

- Digestion algorithm: SHA-256 y SHA-512

- Key length: 1024 bits, 2048 bits and 4096 bits

- Symmetric encryption algorithm: AES

- Asymmetric encryption algorithm: RSA




Cryptographic API’s:



BouncyCastle:

- Open SSL
- ANF CryptoToken
- ANF AC WSI (ANF AC Web Signature and Identification)
- ANF AC Certificate Practice Statement (CPS)


Cryptographic API’s:

PKCS # 11 of ANF AC:

- Cryptographic Module (HSM) - Issuer of Certificates
- Thales (nCipher)
- Cryptographic Module (HSM) – End user

STMicroelectronics cryptographic chip
Download Certification

ID-One Cosmo V7.0-n EAL 5+
Download Certification



NXP cryptographic chip
Download Certification

INSIDE cryptographic chip
Download Certification


In the approval process, the recommendations published by:

  • IETF RFC 3279, updated by RFC 4055, RFC 4491, RFC 5480, RFC 5758 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL) Profile.
  • IETF RFC 4055: Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Updated by RFC 5756 Updates for RSAES-OAEP and RSASSA-PSS Algorithm Parameters.
    • CAB FORUM.
    • National Institute of Standards and Technology (NIST)are taken into account.


NOTICE: http://csrc.nist.gov/groups/ST/hash/policy.html

English