Public Key Infrastructure (PKI) of ANF AC


The device approval process is carried out by the ANF AC´s Engineering Department. The main objective of the process is to verify:

  1. If it complies with the norms and standards in this area.
  2. It is interoperable with applications distributed by ANF AC.

Cryptographic Components:

- Signature algorithm: SHA-256WithRSAEncryption

- Digestion algorithm: SHA-256 y SHA-512

- Key length: 1024 bits, 2048 bits and 4096 bits

- Symmetric encryption algorithm: AES

- Asymmetric encryption algorithm: RSA

Cryptographic API’s:


- Open SSL
- ANF CryptoToken
- ANF AC WSI (ANF AC Web Signature and Identification)
- ANF AC Certificate Practice Statement (CPS)

Cryptographic API’s:

PKCS # 11 of ANF AC:

- Cryptographic Module (HSM) - Issuer of Certificates
- Thales (nCipher)
- Cryptographic Module (HSM) – End user

STMicroelectronics cryptographic chip
Download Certification

ID-One Cosmo V7.0-n EAL 5+
Download Certification

NXP cryptographic chip
Download Certification

INSIDE cryptographic chip
Download Certification

In the approval process, the recommendations published by:

  • IETF RFC 3279, updated by RFC 4055, RFC 4491, RFC 5480, RFC 5758 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL) Profile.
  • IETF RFC 4055: Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Updated by RFC 5756 Updates for RSAES-OAEP and RSASSA-PSS Algorithm Parameters.
    • CAB FORUM.
    • National Institute of Standards and Technology (NIST)are taken into account.