List of mandatory encryption technical specifications for hardware security modules in electronic identification and authentication activities in Vietnam

List of mandatory encryption technical specifications for hardware security modules in electronic identification and authentication activities in Vietnam

In the list issued with Circular 87/2024/TT-BTP, the standards on encryption technical specifications for hardware security modules in electronic identification and authentication activities in Vietnam are as follows:

- Symmetric cryptography and operational policies apply the following standards:

+ TCVN 11367-3:2016 (ISO/IEC 18033-3:2010) on Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers.

+ TCVN 12213:2018 (ISO/IEC 10116:2017) on Information technology - Security techniques - Modes of operation for n-bit block ciphers in IT.

+ ISO/IEC 19772:2020 on Information security - Authenticated encryption

+ NIST Special Publication 800-38E
Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices

- Asymmetric cryptography and digital signatures apply the following standards:

+ TCVN 11367-2:2016 on Information technology - Security techniques - Encryption algorithms - Part 2: Asymmetric ciphers

+ PKCS#1 RSA Cryptography Standard

+ ANSI X9.62-2005 Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)

- Hash algorithms apply the following standards:

+ TCVN 11816-3:2017 on Information technology - Security techniques - Hash functions - Part 3: Dedicated hash functions

+ FIPS PUB 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

- Message authentication algorithm applies the standard as follows:

+ TCVN 11495-1:2016 on Information technology - Security techniques - Message authentication codes (MACs) - Part 2: Mechanisms using dedicated hash functions

+ FIPS PUB 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

Regulation on application: Use one of the following algorithms: HMAC-SHA-256-128, HMAC-SHA-256, HMAC-SHA-384-192, HMAC-SHA-384, HMAC-SHA-512-256, HMAC-SHA-512, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512.

- Key derivation functions apply the standard as follows:

+ NIST SP 800-132 Recommendation for Password-Based Key Derivation Part 1: Storage Applications

Regulation on application: Apply PBKDF2, version 2.0 or above (if applicable).

- Random bit generator applies the following standards:

+ TCVN 12853:2020 on Security techniques - Random bit generator

+ NIST SP 800-90A Recommendation for Random Number Generation Using Deterministic Random Bit Generators

+ NIST SP 800-90C Recommendation for Random Bit Generator (RBG) Constructions

+ AIS-31 A proposal for: Functionality classes for random number generators

- Storing secure parameters apply the standard P800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

- Application programming interface applies the standard PKCS#11 Cryptographic Token Interface Base Specification. Applicable for Version 2.2 or above.

Refer to the detailed content in Circular 87/2024/TT-BTP (effective from November 11, 2024).

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE