vc-data-integrity icon indicating copy to clipboard operation
vc-data-integrity copied to clipboard
verified publisher icon w3c

Cryptographic primitives supported by current smart phones

Open Sh-Amir opened this issue 9 months ago • 2 comments

This issue refers to the security review requested at w3c/security-request/#55.

I was wondering if the current recommendation of cryptographic primitives can be satisfied by all the smartphones that are available currently in the market. To elaborate on this point, based on research that we did, which is based on publicly available data link, the cryptographic algorithms supported by CC-certified StrongBox implementations are limited by the capabilities of their eSE. For example, only the ECDSA with the P-256 curve is supported by just two out of the three CC-certified implementations: KNOX Vault and the Titan M2 chip (see Section 3.4 for more details). Given that, I was wondering if there is a need to give more flexibility or if the situation will be changed in the near future and we can stick to the current recommendation.

I agree that this is a small use-case in the bigger world; however, I think it deserves a small attention.

Sh-Amir avatar Apr 15 '25 11:04 Sh-Amir

in issue title, s/Supported cryptographic primitives by/Cryptographic primitives supported by/

TallTed avatar Apr 15 '25 17:04 TallTed

We are grateful for this response from SING and look forward to considering it as part of a future version of the specification

brentzundel avatar May 02 '25 15:05 brentzundel