Skip to content

update crypto suites to require at least ECDSA w/ P-256 and SHA-256 #295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Oct 2, 2025
Merged

update crypto suites to require at least ECDSA w/ P-256 and SHA-256 #295

merged 14 commits into from
Oct 2, 2025

Conversation

@awoie
Copy link
Collaborator

@awoie awoie commented Oct 1, 2025
edited
Loading

  • fixes consider adding MTI crypto suites  #112
  • update crypto suites to require at least ECDSA w/ P-256 and SHA-256
  • note it uses -7 for COSE and further specifies which curve because this is required for -7 to be precise

jogu
jogu reviewed Oct 2, 2025
View reviewed changes
javereec
javereec reviewed Oct 2, 2025
View reviewed changes
@awoie @javereec
Applied Jan's editorial suggestion
131e030 
Co-authored-by: Jan Vereecken <ciao@janvereecken.com>
javereec
javereec reviewed Oct 2, 2025
View reviewed changes
Sakurann
Sakurann reviewed Oct 2, 2025
View reviewed changes
openid4vc-high-assurance-interoperability-profile-1_0.md Outdated

The hash algorithm SHA-256 MUST be supported by all the entities to generate and validate the digests in the IETF SD-JWT VC and ISO mdoc.

Although support for the above algorithm is mandatory, an Issuer, Verifier, or Wallet MAY reject a particular hashing algorithm or the corresponding protected artifact if there are reasonable security, privacy, or policy concerns (e.g., suspected compromise or non-compliance). Such decisions are out of scope of the algorithm requirements but can be necessary in real-world deployments.
Copy link
Contributor

@Sakurann Sakurann Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think these requirements should apply to Crypto Suites section too? reads like they apply only to Hash Algorithms section?

Copy link
Collaborator Author

@awoie awoie Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have the same section in both places. I suggest to refactor the sections and structure on crypto suites/hashing algorithms once this PR got merged. I don't think the current structure is great. IMO, most of the requirements should go into the specific flows and/or credential formats sections instead of having dedicated crypto suite and hashing algorithm sections. We did the same thing for ECDH-ES with P-256 and A128GCM for instance.

This follow up PR would be fully editorial and can be done during the review period for this reason.

@awoie awoie changed the title fix: update crypto suites to require at least ECDSA w/ P-256 and SHA-256 update crypto suites to require at least ECDSA w/ P-256 and SHA-256 Oct 2, 2025
awoie
awoie commented Oct 2, 2025
View reviewed changes
awoie
awoie commented Oct 2, 2025
View reviewed changes
awoie
awoie commented Oct 2, 2025
View reviewed changes
awoie and others added 2 commits October 2, 2025 17:44
@awoie @javereec
Applied Jan's suggestion
7d6f544 
Co-authored-by: Jan Vereecken <ciao@janvereecken.com>
@Sakurann @awoie
Apply suggestion from @awoie
67c0e1f 
Co-authored-by: Oliver Terbu <oliver.terbu@mattr.global>
Sakurann
Sakurann reviewed Oct 2, 2025
View reviewed changes
Sakurann and others added 3 commits October 2, 2025 18:08
@Sakurann
Apply suggestion from @Sakurann
0fbdefe
@Sakurann @awoie
Apply suggestion from @awoie
64ea81b 
Co-authored-by: Oliver Terbu <oliver.terbu@mattr.global>
@Sakurann @awoie
Apply suggestion from @awoie
07291b1 
Co-authored-by: Oliver Terbu <oliver.terbu@mattr.global>
Sakurann
Sakurann reviewed Oct 2, 2025
View reviewed changes
Sakurann
Sakurann reviewed Oct 2, 2025
View reviewed changes
@Sakurann Sakurann mentioned this pull request Oct 2, 2025
Closed
Sakurann
Sakurann reviewed Oct 2, 2025
View reviewed changes
Sakurann
Sakurann reviewed Oct 2, 2025
View reviewed changes
@Sakurann Sakurann requested a review from javereec October 2, 2025 16:31
@Sakurann Sakurann merged commit 2147e0b into main Oct 2, 2025
2 checks passed
@Sakurann Sakurann added this to the 1.0 Final milestone Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@javereec javereec javereec approved these changes

@jogu jogu jogu approved these changes

@paulbastian paulbastian paulbastian approved these changes

@Sakurann Sakurann Sakurann approved these changes

@tlodderstedt tlodderstedt Awaiting requested review from tlodderstedt

@GarethCOliver GarethCOliver Awaiting requested review from GarethCOliver

@leecam leecam Awaiting requested review from leecam

@tplooker tplooker Awaiting requested review from tplooker

@martijnharing martijnharing Awaiting requested review from martijnharing

@bc-pi bc-pi Awaiting requested review from bc-pi

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.0 Final

Development

Successfully merging this pull request may close these issues.

consider adding MTI crypto suites

6 participants

@awoie @javereec @jogu @paulbastian @Sakurann