On October 26, 2024, the Minister of National Defense of Vietnam issued Circular 87/2024/TT-BQP stipulating the list of mandatory encryption technical standards applicable to hardware security modules in electronic identification and authentication activities in Vietnam.
In the list issued with Circular 87/2024/TT-BQP, the standards on encryption technical specifications for hardware security modules in electronic identification and authentication activities in Vietnam are as follows:
- Symmetric cryptography and operational policies apply the following standards:
+ TCVN 11367-3:2016 (ISO/IEC 18033-3:2010) on Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers.
+ TCVN 12213:2018 (ISO/IEC 10116:2017) on Information technology - Security techniques - Modes of operation for n-bit block ciphers in IT.
+ ISO/IEC 19772:2020 on Information security - Authenticated encryption
+ NIST Special Publication 800-38E Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices
- Asymmetric cryptography and digital signatures apply the following standards:
+ TCVN 11367-2:2016 on Information technology - Security techniques - Encryption algorithms - Part 2: Asymmetric ciphers
+ PKCS#1 RSA Cryptography Standard
+ ANSI X9.62-2005 Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)
- Hash algorithms apply the following standards:
+ TCVN 11816-3:2017 on Information technology - Security techniques - Hash functions - Part 3: Dedicated hash functions
+ FIPS PUB 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
- Message authentication algorithms apply the following standards:
+ TCVN 11495-1:2016 on Information technology - Security techniques - Message authentication codes (MACs) - Part 2: Mechanisms using dedicated hash functions
+ FIPS PUB 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
Regulation on application: Use one of the following algorithms: HMAC-SHA-256-128, HMAC-SHA-256, HMAC-SHA-384-192, HMAC-SHA-384, HMAC-SHA-512-256, HMAC-SHA-512, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512.
- Key derivation functions apply the following standard:
+ NIST SP 800-132 Recommendation for Password-Based Key Derivation Part 1: Storage Applications
Regulation on application: Apply PBKDF2, version 2.0 or above (if applicable).
- Random bit generators apply the following standards:
+ TCVN 12853:2020 on Security techniques - Random bit generator
+ NIST SP 800-90A Recommendation for Random Number Generation Using Deterministic Random Bit Generators
+ NIST SP 800-90C Recommendation for Random Bit Generator (RBG) Constructions
+ AIS-31 A proposal for: Functionality classes for random number generators
- Storage of secure parameters applies the standard NIST SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
- The application programming interface applies the standard PKCS#11 Cryptographic Token Interface Base Specification, applicable for Version 2.2 or above.
Refer to the detailed content in Circular 87/2024/TT-BQP (effective from November 11, 2024).