Our system supports the following PACE (Password Authenticated Connection Establishment) and CA (Chip Authentication) cryptographic algorithms:
PACE Cryptographic Algorithms
PACE is used to secure the initial communication between a document reader and an electronic document. It helps protect the data from eavesdropping and unauthorized access.
| OID | Algorithm |
|---|---|
| 0.4.0.127.0.7.2.2.4.1.1 | id-PACE-DH-GM-3DES-CBC-CBC |
| 0.4.0.127.0.7.2.2.4.1.4 | id-PACE-DH-GM-AES-CBC-CMAC-256 |
| 0.4.0.127.0.7.2.2.4.2.1 | id-PACE-ECDH-GM-3DES-CBC-CBC |
| 0.4.0.127.0.7.2.2.4.2.4 | id-PACE-ECDH-GM-AES-CBC-CMAC-256 |
| 0.4.0.127.0.7.2.2.4.3.1 | id-PACE-DH-IM-3DES-CBC-CBC |
| 0.4.0.127.0.7.2.2.4.3.4 | id-PACE-DH-IM-AES-CBC-CMAC-256 |
| 0.4.0.127.0.7.2.2.4.4.1 | id-PACE-ECDH-IM-3DES-CBC-CBC |
| 0.4.0.127.0.7.2.2.4.4.4 | id-PACE-ECDH-IM-AES-CBC-CMAC-256 |
| 0.4.0.127.0.7.2.2.4.6.4 | id-PACE-ECDH-CAM-AES-CBC-CMAC-256 |
CA Cryptographic Algorithms
CA is used for authenticating the chip in an electronic document. It ensures the chip is genuine and has not been tampered with.
| OID | Algorithm |
|---|---|
| 0.4.0.127.0.7.2.2.3.1.1 | id-CA-DH-3DES-CBC-CBC |
| 0.4.0.127.0.7.2.2.3.2.1 | id-CA-ECDH-3DES-CBC-CBC |
| 0.4.0.127.0.7.2.2.3.1.4 | id-CA-DH-AES-CBC-CMAC-256 |
| 0.4.0.127.0.7.2.2.3.2.4 | id-CA-ECDH-AES-CBC-CMAC-256 |
For full technical details on these protocols, please refer to the BSI TR-03105 technical guidelines.
Additional information about security mechanisms for electronic documents is available here.