Public Key Infrastructure (PKI) of ANF AC
The device approval process is carried out by the ANF AC´s Engineering Department. The main objective of the process is to verify:
- If it complies with the norms and standards in this area.
- It is interoperable with applications distributed by ANF AC.
- Signature algorithm: SHA-256WithRSAEncryption
- Digestion algorithm: SHA-256 y SHA-512
- Key length: 1024 bits, 2048 bits and 4096 bits
- Symmetric encryption algorithm: AES
- Asymmetric encryption algorithm: RSA
BouncyCastle:- Open SSL
- ANF CryptoToken
- ANF AC WSI (ANF AC Web Signature and Identification)
- ANF AC Certificate Practice Statement (CPS)
PKCS # 11 of ANF AC:
- Cryptographic Module (HSM) - Issuer of Certificates
- Thales (nCipher)
- Cryptographic Module (HSM) – End user
In the approval process, the recommendations published by:
- IETF RFC 3279, updated by RFC 4055, RFC 4491, RFC 5480, RFC 5758 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL) Profile.
- IETF RFC 4055: Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Updated by RFC 5756 Updates for RSAES-OAEP and RSASSA-PSS Algorithm Parameters.
- CAB FORUM.
- National Institute of Standards and Technology (NIST)are taken into account.