Technical Specifications
Cryptographic Algorithms

Cryptographic Algorithms

Signing Algorithms

This section lists all required signing algorithms that need to be supported and are commonly used by other parts of the technical specification.

ECDSA using P-256 and SHA-256

Elliptic Curve Digital Signature Algorithm (opens in a new tab) (ECDSA) using Curve P-256 (opens in a new tab) (D.2.2) and SHA-256 (opens in a new tab) is the most commonly used signing algorithms within Company Passport and MUST be supported.

ECDSA using P-256 and SHA-256 is NIST approved, and is a generally well-supported signing algorithm in Hardware Security Modules (HSM) and on-device secure enclaves. on iOS (opens in a new tab) it is the only supported hardware-backed signing algorithm.

ECDSA using P-256 and SHA-256 is registered using alg value ES256 (opens in a new tab) and crv value P-256 (opens in a new tab) of the JWK in the JSON Web Algorithms (JWA) specification. It can also be expressed with object identifiers (OID) 1.2.840.10045.4.3.2 (opens in a new tab) for ECDSA with SHA-256 and 1.2.840.10045.3.1.7 (opens in a new tab) for Curve P-256.

Hashing Algorithms

This section lists all required hashing algorithms that need to be supported and are commonly used by other parts of the technical specification.

SHA-256

SHA-256 (opens in a new tab) is the most commonly used hashing algorithm across Attestation Formats, Issuance Protocols and Verification Protocols and MUST be supported.

SHA-256 is registered using alg value sha-256 (opens in a new tab) in RFC 6920.

Additional requirements

Additional requirements on cryptographic algorithms may be defined by specifications required in Company Passport, and MUST be supported in-line with the requirements set forth by those specifications.

ISO/IEC 18013-5 mDL Attestation Format

The ISO/IEC 18013-5 mDL Attestation Format adds additional requirements on cryptographic algorithms that MAY need to be supported, depending on the Cipher Suite used:

Key ManagementAuthentication and Authorization