Where to store a key size? #37
Comments
stevespringett
added a commit
to CycloneDX/specification
that referenced
this issue
Nov 16, 2023
The new property 'parameterSetIdentifier' replaces 'variant' and contains information about the parameter set identifying an algorithm. This can be, for example, the key length (in AES), the digest length (in SHA2), or the hash algorithm used internally (in SLH-DSA / FIPS205). The "description" field contains some examples. This PR is motivated by IBM/CBOM#37 and intends to address its use case. Tagging @stevespringett, @n1ckl0sk0rtge, @mrutkows, @GeroDittmann
|
Closing with the upstream to CycloneDX 1.6 and the merge of CycloneDX/specification#339. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We discussed two options to express a key size in
algorithmProperties:classicalSecurityLevelfield?)keysizeor justsize(to alternatively cover block size etc. where required) or something along those lines.IIUC the security strength concept might be intuitive enough for the community—probably helped by some documentation how to set and interpret it.
The text was updated successfully, but these errors were encountered: