sonar-cryptography
Cryptography related dependencies are not represented correctly
If cryptographic values are interdependent, the “internal” cryptographic references should be used to define these relationships.
Example:
If a key depends on an algorithm, use the cryptoRef field in the relatedCryptoMaterialsProperties to reference the algorithm.
At the moment, this topic is on hold. In the current version of CBOM, there is no option to reference algorithms from other algorithms. This is necessary for many scenarios (signature algorithm uses digest algorithm). As this reference cannot be expressed via the algorithm properties and for reasons of conciseness, we present all dependencies in the Dependencies section.
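The two mechanisms described above (a key pointing at its algorithm through the crypto-material properties, and an algorithm depending on another algorithm only through the Dependencies section) can be walked together to answer inventory questions such as "which primitives does this key ultimately rely on?". The following is an added example, not code from the sonar-cryptography project or from this issue. The CBOM fragment is constructed, all bom-refs and values are made up, and the property names follow the CycloneDX 1.6 JSON schema, where the key-to-algorithm reference is spelled algorithmRef under relatedCryptoMaterialProperties.

```python
"""Resolve cryptographic dependencies in a CycloneDX 1.6 CBOM.

Added example (not project code). The document below is constructed for
illustration; bom-refs and names are made up. Two mechanisms are merged:
  - relatedCryptoMaterialProperties.algorithmRef (key -> algorithm)
  - the top-level "dependencies" array (algorithm -> algorithm, e.g. a
    signature scheme that depends on a digest), since algorithmProperties
    offers no field for algorithm-to-algorithm references.
"""
from typing import Dict, List, Set

# Constructed CBOM fragment (assumption: schema 1.6 field names).
CBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {
            "type": "cryptographic-asset",
            "name": "RSA-PSS",
            "bom-ref": "alg:rsa-pss-sha256",
            "cryptoProperties": {
                "assetType": "algorithm",
                "algorithmProperties": {"primitive": "signature"},
            },
        },
        {
            "type": "cryptographic-asset",
            "name": "SHA-256",
            "bom-ref": "alg:sha256",
            "cryptoProperties": {
                "assetType": "algorithm",
                "algorithmProperties": {"primitive": "hash"},
            },
        },
        {
            "type": "cryptographic-asset",
            "name": "signing-key",
            "bom-ref": "key:signing-key-1",
            "cryptoProperties": {
                "assetType": "related-crypto-material",
                "relatedCryptoMaterialProperties": {
                    "type": "private-key",
                    # "internal" reference from the key to its algorithm
                    "algorithmRef": "alg:rsa-pss-sha256",
                },
            },
        },
    ],
    # Signature scheme -> digest: only expressible in the dependencies section.
    "dependencies": [
        {"ref": "alg:rsa-pss-sha256", "dependsOn": ["alg:sha256"]},
    ],
}


def _components_by_ref(bom: dict) -> Dict[str, dict]:
    """Index components by their bom-ref."""
    return {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}


def direct_crypto_deps(bom: dict, ref: str) -> List[str]:
    """Direct dependencies of `ref`, merging both reference mechanisms."""
    deps: List[str] = []
    props = _components_by_ref(bom).get(ref, {}).get("cryptoProperties", {})
    alg_ref = props.get("relatedCryptoMaterialProperties", {}).get("algorithmRef")
    if alg_ref:
        deps.append(alg_ref)
    for entry in bom.get("dependencies", []):
        if entry.get("ref") == ref:
            deps.extend(entry.get("dependsOn", []))
    return deps


def transitive_crypto_deps(bom: dict, ref: str) -> Set[str]:
    """Every ref reachable from `ref`; the visited set makes this cycle-safe."""
    seen: Set[str] = set()
    stack = [ref]
    while stack:
        for dep in direct_crypto_deps(bom, stack.pop()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def primitives_used_by(bom: dict, ref: str) -> Set[str]:
    """Primitive names (signature, hash, ...) the asset ultimately relies on."""
    by_ref = _components_by_ref(bom)
    out: Set[str] = set()
    for dep in transitive_crypto_deps(bom, ref):
        prim = by_ref.get(dep, {}).get("cryptoProperties", {}) \
            .get("algorithmProperties", {}).get("primitive")
        if prim:
            out.add(prim)
    return out


def dangling_refs(bom: dict) -> Set[str]:
    """Consistency check: refs used in algorithmRef or dependsOn that name no component."""
    known = set(_components_by_ref(bom))
    used: Set[str] = set()
    for c in bom.get("components", []):
        rel = c.get("cryptoProperties", {}).get("relatedCryptoMaterialProperties", {})
        if rel.get("algorithmRef"):
            used.add(rel["algorithmRef"])
    for entry in bom.get("dependencies", []):
        used.add(entry.get("ref", ""))
        used.update(entry.get("dependsOn", []))
    return {r for r in used if r and r not in known}


if __name__ == "__main__":
    print(sorted(transitive_crypto_deps(CBOM, "key:signing-key-1")))
    print(sorted(primitives_used_by(CBOM, "key:signing-key-1")))
    print(dangling_refs(CBOM))
```

To run this against a generated CBOM, replace the constructed CBOM dict with json.load() of the file; the dangling_refs check is worth running on any CBOM that was assembled by hand or by a plugin, since a typo in a bom-ref silently breaks the dependency chain without failing schema validation.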