MINISTRY OF NATIONAL DEFENSE OF VIETNAM
-------
|
SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness
---------------
|
No. 23/2022/TT-BQP
|
Hanoi, April 4, 2022
|
CIRCULAR
PROMULGATION OF THE “NATIONAL TECHNICAL REGULATION ON
CRYPTOGRAPHIC TECHNICAL SPECIFICATION USED IN CIVIL CRYPTOGRAPHY PRODUCTS UNDER
IP SECURITY PRODUCTS GROUP WITH IPSEC AND TLS”
Pursuant to the Law on
Standards and Technical Regulations dated June 29, 2006;
Pursuant to the Law on
Cybersecurity dated November 19, 2015;
Pursuant to Decree No.
127/2007/ND-CP dated August 1, 2007 of the Government of Vietnam elaborating on
the Law on Standards and Technical Regulations amended by Decree No. 78/2018/ND-CP
dated May 16, 2018 of the Government of Vietnam;
Pursuant to Decree No.
164/2017/ND-CP dated December 30, 2017 of the Government of Vietnam on
functions, tasks, entitlements, and organizational structure of the Ministry of
National Defense of Vietnam;
Pursuant to Decree No.
09/2014/ND-CP dated January 27, 2014 of the Government of Vietnam on functions,
tasks, entitlements, and organizational structure of the Government Cipher
Committee;
At the request of the
Head of the Government Cipher Committee;
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 1. The national technical regulation on cryptographic
technical specification used in civil cryptography products under IP security
products group with IPsec and TLS is promulgated together with this Circular.
Symbol: QCVN 01:2022/BQP.
Article 2. This Circular comes into force as of May 20, 2022.
Article 3. Head of the Government Cipher Committee, Directors of
agencies, units, and relevant organizations and individuals shall implement
this Circular./.
PP. MINISTER
DEPUTY MINISTER
Colonel General Nguyen Tan Cuong
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
NATIONAL TECHNICAL REGULATION ON CRYPTOGRAPHIC TECHNICAL
SPECIFICATION USED IN CIVIL CRYPTOGRAPHY PRODUCTS UNDER IP SECURITY PRODUCTS
GROUP WITH IPSEC AND TLS
TABLE OF CONTENTS
Preface
1 GENERAL
PROVISIONS
1.1 Scope
1.2 Regulated
entities
1.3 References
1.4
Interpretation of terms
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1.6 Symbols
2 TECHNICAL
REGULATIONS
2.1 GENERAL
PROVISIONS
2.2 Regulations
on cryptographic specifications
2.2.1 Regulations
on cryptographic algorithms
2.2.2 Regulations
on safety and use time
2.3 Regulations
on safety of use in protocols
2.3.1 Regulations
on safety of use in IPsec
2.3.2 Regulations
on safety of use in TLS protocols
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
4
RESPONSIBILITIES OF ORGANIZATIONS AND INDIVIDUALS
5 IMPLEMENTATION
APPENDIX A
REFERENCES
Preface
QCVN 01:2022/BQP is
compiled by the National Agency of Cryptography and Information Security -
Government Cipher Committee, presented to the Ministry of Science and
Technology of Vietnam for appraisal by the Government Cipher Committee, and
promulgated by the Minister of National Defense of Vietnam together with
Circular No. 23/2022/TT-BQP dated April 4, 2022.
NATIONAL TECHNICAL REGULATION ON CRYPTOGRAPHIC TECHNICAL
SPECIFICATION USED IN CIVIL CRYPTOGRAPHY PRODUCTS UNDER IP SECURITY PRODUCTS
GROUP WITH IPSEC AND TLS
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1.1 Scope
This Regulation provides
for the limit of cryptographic technical specifications of IP security products
with IPsec and TLS serving the protection of information not subject to state
secrets.
1.2 Regulated
entities
This Regulation applies
to organizations and individuals engaging in the business and the use of civil
cryptography products to protect information not subject to state secrets.
1.3 References
TCVN 11367-3:2016
(ISO/IEC 18033-3:2010) "Công nghệ thông tin - Các kỹ thuật an toàn -
Thuật toán mật mã - Phần 3: Mã khối". (Information technology - Security
techniques - Encryption algorithms - Part 3: Block ciphers).
TCVN 12213:2018 (ISO/IEC
10116:2017) “Công nghệ thông tin - Các kỹ thuật an toàn - Chế độ hoạt động
của mã khối n-bit” (Information technology - Security techniques - Modes of
operation for an n-bit block cipher).
TCVN 12853:2020 (ISO/IEC
18031:2011 With amendment 1:2017) “Công nghệ thông tin - Các kỹ thuật an
toàn - Bộ tạo bit ngẫu nhiên" (Information technology - Security
techniques - Random bit generation).
TCVN 11816 (ISO/IEC
10118) “Công nghệ thông tin - Các kỹ thuật an toàn - Hàm băm - Phần 3: Hàm
băm chuyên dụng" (Information technology - Security techniques -
Hash-functions - Part 3: Dedicated hash-functions).
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
National
Institute of Standards and Technology, FIPS 186-4 “Digital Signature
Standard (DSS)”, July 2013.
National
Institute of Standards and Technology, FIPS 180-4 “Secure Hash Standard
(SHS)”, August 2015.
National
Institute of Standards and Technology, FIPS 198-1 “The Keyed-Hash Message
Authentication Code (HMAC)”, July 2008.
National
Institute of Standards and Technology, FIPS 202 “SHA-3 Standard:
Permutation-Based Hash and Extendable-Output Functions", National Institute of Standards
and Technology, August 2015.
[RFC 4309]: “Using
Advanced Encryption Standard (AES) CCM Mode with IPsec
Encapsulating Security Payload (ESP)”, Internet Engineering Task Force (IETF), December 2005.
[RFC 2612]: “The
CAST-256 Encryption Algorithm”, Internet Engineering Task Force (IETF),
June 1999
[RFC 7801]: “GOST
R 34.12-2015: Block Cipher “Kuznyechik"", Internet Engineering
Task Force (IETF), March 2016.
[RFC 5832]: “GOST
R 34.10-2001: Digital Signature Algorithm", Internet Engineering Task
Force (IETF), March 2010.
[RFC 7091]: "GOST
R 34.10-2012: Digital Signature Algorithm", Internet Engineering Task
Force (IETF), December 2013.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
[RFC 4494]: "The
AES-CMAC-96 Algorithm and Its use with IPsec", Internet Engineering
Task Force (IETF), June 2006.
[RFC 4868]: “Using
HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec”, Internet
Engineering Task Force (IETF), May 2007.
1.4.
Interpretation of terms
For the purpose of this
Regulation, the following terms shall be construed as follows:
1.4.1 Information not
subject to state secrets
Information not subject
to state secrets is the information not included in the content of “top
secret”, “secret”, and “confidential” information as prescribed in the Law on
State Secret Protection dated November 15, 2018.
1.4.2
Cryptography
Cryptography means
particular principles and conventions to change the display of information to
ensure confidentiality, authenticity, and integrity of the content of
information.
1.4.3 Civil
cryptography
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1.4.4 Civil
cryptography products
Civil cryptography
products are documents, technical equipment, and cryptographic operations to
protect information not subject to state secrets.
1.4.5 IP
security products
IP security products are
cryptographic products using cryptographic techniques and technology to ensure
the confidentiality of data transmitted or received on the IP network
environment.
1.4.6
Cryptographic techniques
Cryptographic techniques
are methods and means with the application of cryptography to protect
information.
1.4.7 Encryption
Encryption is the process
of using cryptographic techniques to change the display of information.
1.4.8 Decryption
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1.4.9 Key
Key is a sequence of
characters that control the encryption or decryption
1.4.10 Symmetric
cryptography
Symmetric cryptography is
the case where a key used for both the encryption and decryption algorithms may
be identical, or there may be a simple transformation to calculate the
encryption key when the decryption key is identified and vice versa.
1.4.11
Asymmetric cryptography
Asymmetric cryptography
is the case where the key used for encryption and decryption contains two
components known as the public and private keys. In asymmetric cryptography, it
is easy to calculate the public key if the private key is identified, but it is
impossible to calculate the private key from the public key.
1.4.12
Cryptographic hash function
Cryptographic hash
function is the algorithm that performs the process of transforming an input
data sequence of any length into a typical output data sequence of a fixed
length.
1.4.13 Message
authentication algorithm
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
- It is easy to calculate regarding any key and input data
sequence;
- With any static key and no known key in advance, it is
impossible to calculate the value of the output data sequence with any new
input data sequence
1.5.
Abbreviations
Abbreviation
English name
Vietnamese name
AES
Advanced
Encryption Standard
Tiêu chuẩn mã
hóa tiên tiến
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Authentication
Header
Xác thực thông
tin điều khiển gói IP
CAST
Carlisle Adams
- Stafford Tavares
Tên của hệ mã
do hai nhà toán học Carlisle Adams và Stafford Tavares phát minh
CBC
Cipher Block
Chaining Mode
Chế độ móc xích
khối mã
CCM
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Bộ đếm với mã
xác thực thông báo khối mã hóa
CFB
Cipher Feedback
Mode
Chế độ phản hồi
bản mã
CTR
Counter Mode
Chế độ bộ đếm
CTR_DRBG
Counter -
Deterministic Random Bit Generator
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
DH
Diffie-Hellman
Thuật toán trao
đổi khóa Diffie-Hellman
DRBG
Deterministic
Random Bit Generator
Bộ tạo bit ngẫu
nhiên tất định
DSA
Digital
Signature Algorithm
Thuật toán chữ
ký số
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Elliptic Curve
Đường cong
Elliptic
ECDSA
Elliptic Curve
Digital Signature Algorithm
Thuật toán chữ
ký số dựa trên đường cong Elliptic
ESP
Encapsulating
Security Payload
Đóng gói an
toàn dữ liệu
FIPS
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Tiêu chuẩn xử
lý thông tin liên bang (Hoa Kỳ)
GCM
Galois/Counter
Mode
Chế độ
Galois/Bộ đếm
GOST
gosudarstvennyy
standard
Tiêu chuẩn quốc
gia Liên bang Nga
Hash_DRBG
Hash
Deterministic Random Bit Generator
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
HMAC
Hashed Message
Authentication Code
Mã xác thực
thông báo dựa trên hàm băm
HMAC_DRBG
HMAC -
Deterministic Random Bit Generator
Bộ tạo bit ngẫu
nhiên tất định dựa trên HMAC
IKE
Internet Key
Exchange
Giao thức trao
đổi khóa trên Internet
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Internet
Protocol
Giao thức
Internet
IPsec
Internet
Protocol Security
Giao thức bảo
mật mạng IP
MQ_DRBG
Multivariate
Quadratic Deterministic Random Bit Generator
Bộ tạo bit ngẫu
nhiên tất định bậc hai đa biến
MS_DRBG
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Bộ tạo bit ngẫu
nhiên tất định Micali Schnorr
NIST
National
Institute of Standards and Technology
Viện Tiêu chuẩn
và Công nghệ quốc gia (Hoa Kỳ)
NRBG
Non-deterministic
Random Bit Generator
Bộ tạo bit ngẫu
nhiên bất định
OFB
Output Feedback
Mode
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
RFC
Request for
Comments
Đặc tả kỹ thuật
do tổ chức IETF (Internet Engineering Task Force) công bố
RSA
Rivest - Shamir
- Adleman
Tên của hệ mã
do ba nhà toán học Rivest, Shamir và Adleman phát minh
SHA
Secure Hash
Algorithm
Thuật toán băm
an toàn
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Special
Publication
Ấn phẩm đặc
biệt (Viện Tiêu chuẩn và Kỹ thuật quốc gia Hoa Kỳ)
TCVN
Tiêu chuẩn quốc
gia Việt Nam
TDEA
Triple Data
Encryption Algorithm
Thuật toán mã
hóa dữ liệu Triple-DES
TLS
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Bảo mật tầng
giao vận
VPN
Virtual Private
Network
Mạng riêng ảo
1.6 Symbols
Symbol
Description
nlen
Regarding the RSA
algorithm: nlen is the length of the modulo in bits;
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
L
Regarding DSA and DH
algorithms: L is the bit length of prime parameter p
N
Regarding DSA and DH
algorithms: N is the bit length of prime parameter q
2 TECHNICAL
REGULATIONS
2.1 GENERAL
PROVISIONS
- Regarding civil cryptography products with IPsec VPN, it is
allowed to use IKEv1 and IKEv2 key exchange protocols and ESP encapsulation
protocol.
- Regarding civil cryptography products with TLS VPN, it is
allowed to use TLS 1.2 and TLS 1.3 protocols.
2.2 Regulations
on cryptographic specifications
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Civil cryptography
products with IPsec VPN and TLS VPN shall satisfy the following regulations:
2.2.1.1
Symmetric cryptography
- Use the following algorithms prescribed in the list below:
NO.
Algorithm
Reference
1
AES
[TCVN 11367-3], [TCVN 12213], [SP 800-38D], [RFC 4309]
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
TDEA
[TCVN 11367-3], [TCVN 12213]
3
Camellia
4
SEED
5
CAST
[TCVN 11367-3], [RFC 2612]
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
GOST R 34.12-2015
[TCVN 12213], [RFC 7801]
2.2.1.2
Asymmetric cryptography
- Use following algorithms prescribed in the list below:
NO.
Algorithm
Reference
1
RSA
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2
DSA
[FIPS 186-4]
3
ECDSA
4
DH
[FIPS 186-4], [SP 800-56A Rev. 3]
5
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
6
GOST R 34.10-2001
[RFC 5832]
7
GOST R 34.10-2012
[RFC7091]
2.2.1.3
Cryptographic hash function
- Use following algorithms prescribed in the list below:
NO.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Reference
1
SHA-256,
SHA-384, SHA-512/256, SHA-512
[TCVN 11816-3], [FIPS 180-4],
2
SHA3-256,
SHA3-384, SHA3-512
[FIPS 202]
2.2.1.4 Message
authentication algorithm
- Use following algorithms prescribed in the list below:
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Algorithm
Reference
1
AES-XCBC-96
[RFC 3566]
2
AES-CMAC-96
[RFC 4494]
3
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
[RFC 4868]
4
HMAC-SHA-256
5
HMAC-SHA-384-192
6
HMAC-SHA-384
7
HMAC-SHA-512-256
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
HMAC-SHA-512
9
HMAC-SHA3-256
[FIPS 198-1]
[FIPS 202]
10
HMAC-SHA3-384
11
HMAC-SHA3-512
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
- Use the following random number generators prescribed in
the list below:
NO.
Algorithm
Reference
1
Hash_DRBG
[TCVN 12853]
2
HMAC_DRBG
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
CTR_DRBG
4
OFB_DRBG
5
MS_DRBG
6
MQ_DRBG
7
XOR - NRBG
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
8
Oversampling-NRBG
Construction
2.2.2
Regulations on safety and use time
2.2.2.1
Symmetric cryptography
NO.
Algorithm
Key size in bits
Allowed modes
Use until
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
AES
≥ 128
CBC, CFB, OFB, GCM, CCM, CTR
2027
2
TDEA
192
CBC, CFB, OFB, CTR
2025
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Camellia
≥ 128
CBC, CFB, OFB, GCM, CCM, CTR
2027
4
SEED
≥ 128
CBC, CFB, OFB, GCM, CCM, CTR
2027
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
CAST
≥ 128
CBC, CFB, OFB, CTR
2027
6
GOST R 34.12-2015
256
CTR, CFB
2027
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
NO.
Algorithm
Parameter size in bits
Use until
1
RSA
nlen = 2048
2025
nlen ≥ 3072
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2
DSA, DH
L = 2048, N
= 256
2025
L ≥ 3072, N
≥ 256
2027
3
ECDH
nlen ≥ 256
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
4
ECDSA
5
GOST R 34.10-2001
nlen ≥ 256
2027
6
GOST R 34.10-2012
NOTES:
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Sets of specific
parameters for GOST R 34.10-2001 and GOST R 34.10-2012 algorithms in this
regulation are applicable according to RFC 5832 and RFC 7091.
2.2.2.3
Cryptographic hash function
NO.
Algorithm
Use until
1
SHA-256,
SHA-384, SHA-512/256, SHA-512
2027
2
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2027
2.2.2.4 Message
authentication algorithm
NO.
Algorithm
Use until
1
AES-XCBC-96
2027
2
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2027
3
HMAC-SHA-256-128
2027
4
HMAC-SHA-256
2027
5
HMAC-SHA-384-192
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
6
HMAC-SHA-384
2027
7
HMAC-SHA-512-256
2027
8
HMAC-SHA-512
2027
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
HMAC-SHA3-256
2027
10
HMAC-SHA3-384
2027
11
HMAC-SHA3-512
2027
2.3 Regulations
on safety of use in protocols
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
- It is not allowed to use Aggressive Mode in IKEv1 protocol,
and IKEv1 protocol is allowed to be used until 2025.
- It is not allowed to use the AH protocol.
- It is not allowed to use ESP protocol with only data
authentication mechanisms
- Methods of protecting keys stored as files on equipment (if
any) may be used.
2.3.2
Regulations on safety of use in TLS protocols
- It is not allowed to share keys based on the Diffie-Hellman
algorithm using static keys (Static Diffie-Hellman).
- It is not allowed to install extensions that permit the use
of versions before TLS 1.2 on the TLS server.
- The X.509 v3 digital
certificate format may be used for TLS (if any).
- Methods of protecting
keys stored as files on equipment (if any) may be used.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
- Additional requirements for TLS version 1.3:
+ It is not allowed to
use the CBC mode in symmetric cryptography
+ It is not allowed to
use the MAC-then-Encrypt mode (Non-AHEAD Ciphers).
+ It is not allowed to
trade keys using the RSA algorithm.
+ It is not allowed to
use the digital signature/authentication scheme RSASSA-PKCS1-v1_5.
3 REGULATIONS ON
MANAGEMENT
3.1. The limits of cryptographic technical specifications
mentioned in this Regulation are quality criteria for management according to
regulations on quality management of civil cryptography products prescribed in
the Law on Cybersecurity dated November 19, 2015.
3.2 Disclosure of conformity, certificates of conformity,
product quality inspection, and remedies for consequences of penalties due to
administrative violations according to Circular No. 28/2012/TT-BKHCN dated
December 12, 2012, Circular No. 02/2017/TT-BKHCN dated March 31, 2017 on
amendments to Circular No. 28/2012/TT-BKHCN dated December 12, 2012, and
Circular No. 06/2020/TT-BKHCN dated December 10, 2020. Management of the
disclosure of conformity based on the certification results of certificating
organizations designated by law.
3.3 State management agencies are competent to decide on the
annual or irregular implementation of activities of inspection and quality
assessment of civil cryptography products.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Organizations and
individuals engaging in the business of civil cryptography products subject to
the scope of this Regulation shall implement regulations on certification and
disclosure of conformity and be subject to the inspection of state management
agencies according to current regulations.
5 IMPLEMENTATION
The National Agency of
Cryptography and Information Security - Government Cipher Committee shall
provide guidelines and implement the technical management of cryptography
according to this Regulation.
The Government Cipher
Committee shall assist the Minister of National Defense of Vietnam in
reviewing, amending, and supplementing this Regulation to ensure practical
suitability and satisfy management requirements./.
APPENDIX A
(Regulation)
Regulations on the HS code of IP security products with
IPsec and TLS
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Name of the product or goods according to the National
Regulation
HS code
Description of the product/goods
01
Civil cryptography
products under IP security and channel security product group
8471.30.90
Products using IPsec
VPN or TLS VPN to ensure the safety and confidentiality of data transmitted
or received on the IP network environment.
02
8471.41.90
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
8471.49.90
04
8471.80.90
05
8517.62.10
06
8517.62.21
07
8517.62.29
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
8517.62.30
09
8517.62.41
10
8517.62.42
11
8517.62.49
12
8517.62.51
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
8517.62.52
14
8517.62.53
15
8517.62.59
16
8517.62.61
17
8517.62.69
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
8517.62.91
19
8517.62.92
20
8517.62.99
21
8525.50.00
22
8525.60.00
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
8528.71.11
24
8528.71.19
25
8528.71.91
26
8528.71.99
REFERENCES
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2. National
Institute of Standards and Technology, “Guide to SSL VPNs” July 2008.
3. National
Institute of Standards and Technology, “Guidelines for the Selection,
Configuration, and Use of Transport Layer Security (TLS) Implementations",
August 2019.
4. Federal Office
for Information Security, Technical Guideline TR-02102-2 "Cryptographic
Mechanisms: Recommendations and Key Lengths”. 2021.
5. Federal Office
for Information Security, Technical Guideline TR-02102-3 “Cryptographic
Mechanisms: Recommendations and Key Lengths”, 2021.
6. National
Institute of Standards and Technology, Special Publication 800-131A "Transitioning
the Use of Cryptographic Algorithms and Key Lengths”, March 2019.
7. National
Institute of Standards and Technology, Special Publication 800-90A “Recommendation
for Random Number Generation Using Deterministic Random Bit Generators”, June 2015.
8. National
Institute of Standards and Technology, Special Publication 800-90C (Second
Draft) "Recommendation for Random Bit Generator (RBG) Constructions”,
April 2016.
9. National
Institute of Standards and Technology, Special Publication 800-57 Part 1 Rev. 5
“Recommendation for Key Management: Part 1 - General”, May 2020.
10. National
Institute of Standards and Technology, Special Publication 800-203 “2017
NIST/ITL Cybersecurity Program Annual Report”, July 2018.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
12. National
Institute of Standards and Technology, Special Publication 800-56B Revision 2 “Recommendation
for Pair-Wise Key Establishment Using Integer Factorization Cryptography”, March 2019.
13. National
Institute of Standards and Technology, Special Publication 800-38D “Recommendation
for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC”
November 2007.
14. RSA
Laboratories, “PKCS#1 v2.1: RSA Cryptography Standard”, June 2002.
15. [RFC 8247]: “Algorithm
Implementation Requirements and Usage Guidance for the Internet Key Exchange
Protocol Version 2 (IKEv2)”, Internet Engineering Task Force (IETF), September
2017.
16. [RFC 7427]: “Signature
Authentication in the Internet Key Exchange Version 2 (IKEv2)”, Internet
Engineering Task Force (IETF), January 2015.
17. [RFC 4754]: “IKE
and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm
(ECDSA)”, Internet Engineering Task Force (IETF), January 2007.
18. [RFC 8446]: “The
Transport Layer Security (TLS) Protocol Version 1.3”, Internet
Engineering Task Force (IETF), August 2018.
19. [RFC 8422]: “Elliptic
Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions
1.2 and Earlier”, Internet Engineering Task Force (IETF), August 2018.
20. [RFC 8734]: “Elliptic
Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)
Version 1.3”, Internet Engineering Task Force (IETF), February 2020.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.