Cryptographic Asset Inventory
| Property | Value |
|---|---|
| Controls | SID-CRYPTO-01 through SID-CRYPTO-05 |
| EUDI Requirements | GEN-7.3.2-02, GEN-7.5-02, GEN-7.5-03, WIN-8.4.4-02 |
| ISO 27001 | A.8.24 (Cryptography) |
Purpose
This document provides a formal inventory of all cryptographic assets across the SIROS ID platform: keys, algorithms, protection levels, and lifecycle properties. It addresses the finding that individual cryptographic controls exist and are verified, but a consolidated asset classification with ECCG mapping was missing.
ECCG Classification
The EUDI Cooperation Group (ECCG) Security Requirements classify cryptographic assets by their sensitivity level and required protection. The table below maps each SIROS ID cryptographic asset to the appropriate ECCG category.
| ECCG Category | Assets in Scope | Required Protection |
|---|---|---|
| Issuer signing keys | HSM-backed ECDSA/RSA keys (vc) | HSM (PKCS#11 or QSCD) per GEN-7.5-02 |
| User authentication keys | WebAuthn credentials, PRF-derived keys | Hardware authenticator or platform authenticator per WUH-8.3.1-Sec-07 |
| Wallet instance keys | Per-credential ES256 signing key pairs | Client-side encrypted keystore per WIN-8.4.1-Sec-01 |
| Transport keys | TLS certificates, mTLS client certs | Filesystem with restricted permissions; PKI-managed |
| Session secrets | JWT signing keys, admin tokens | Configuration secrets; operator-managed rotation |
| Ephemeral keys | ECDH (VP encryption), nonces | In-memory only; auto-destroyed on TTL or use |
Asset Inventory by Component
Credential Issuer / Verifier (vc)
| Asset | Algorithm | Size | Protection | Lifecycle |
|---|---|---|---|---|
| Issuer signing key (HSM) | ECDSA / or RSA | 256–384 bit EC | PKCS#11 HSM — key never leaves HSM boundary | HSM-managed; PIN-authenticated sessions |
| Issuer signing key (software fallback) | ECDSA / or RSA | Variable | PEM file on filesystem | Manually provisioned; no at-rest encryption |
| mDOC Document Signer key | ECDSA / or Ed25519 | 256–384 bit | Same as issuer key (HSM or file) | IACA PKI-managed |
| Ephemeral VP encryption key | ECDH | 256 bit | In-memory TTL cache (10 min) | Generated per VP request; auto-evicted |
| Cryptographic nonces | crypto/rand | 256 bit (32 bytes) | In-memory, ephemeral | Single-use per flow |
| mDOC session MAC key | HMAC (COSE MAC) | Session-derived | In-memory per session | Session lifetime |
| DIDComm encryption keys | ECDH-ES+A256KW / ECDH-1PU+A256KW | X25519, , | In-memory, ephemeral | Per-message generation |
| DIDComm signing keys | EdDSA, ES256, ES384, ES512 | Variable | Via configured signer | Per-message |
| Content encryption (DIDComm) | A256GCM, A256CBC-HS512, XC20P | 256 bit | In-memory, ephemeral | Per-message |
Wallet Backend (go-wallet-backend)
| Asset | Algorithm | Size | Protection | Lifecycle |
|---|---|---|---|---|
| JWT signing secret | HMAC-SHA256 (HS256) | Configurable | Config file, env var, or file path | Operator-provisioned; manual rotation |
| Admin API bearer token | Opaque (constant-time compare) | 256 bit (32 bytes) | Config, env, file, or auto-generated | Auto-generated at startup if absent; no rotation mechanism |
| TLS server certificate + key | PKI-provisioned | Per certificate | Filesystem paths (PEM) | External PKI lifecycle |
| MongoDB mTLS client cert | PKI-provisioned | Per certificate | Filesystem paths (PEM) | External PKI lifecycle |
| Wallet provider attestation key | Operator-provisioned | Per key | Filesystem paths (PEM) | External PKI lifecycle |
Wallet Frontend (wallet-frontend)
| Asset | Algorithm | Size | Protection | Lifecycle |
|---|---|---|---|---|
| Main encryption key | AES-256-GCM | 256 bit | Wrapped with AES-KW; stored in encrypted container | Generated at wallet creation; persisted server-side |
| Password-derived wrapping key | PBKDF2-SHA256 (600K iterations) → AES-KW | 256 bit | Derived on-demand; never stored | Derived per unlock; random salt in container |
| PRF-derived wrapping key | HKDF-SHA256 → AES-KW | 256 bit | Derived from authenticator PRF output | Derived per unlock; random salt/info per credential |
| ECDH encapsulation key pair (V2) | ECDH → AES-KW | 256 bit | Private key AES-GCM wrapped with main key | Generated at wallet creation; persisted in container |
| Credential signing key pairs | ECDSA (ES256) | 256 bit | JWK in JWE-encrypted container | Generated per did:key; no rotation |
| VP/KB-JWT signing | ES256 (via credential key) | 256 bit | Same as credential key | Per-presentation |
| JWE container encryption | AES-256-GCM (via main key) | 256 bit | Main key hierarchy | Full container re-encrypted on each save |
Biometric Identity Verification (facetec-api)
| Asset | Algorithm | Size | Protection | Lifecycle |
|---|---|---|---|---|
| JWT signing secret | HMAC (shared secret) | Configurable | Config file or env var | Operator-provisioned; manual rotation |
| Legacy app key | Opaque (constant-time compare) | Variable | Config, env, or file path | Operator-provisioned |
| FaceTec device key | Opaque (SDK key) | Variable | Config, env, or file path | FaceTec-provisioned |
| Issuer API key | Opaque (bearer token) | Variable | Config, env, or file path | Operator-provisioned |
| TLS server + mTLS upstream certs | PKI-provisioned | Per certificate | Filesystem paths (PEM) | External PKI lifecycle |
Trust Evaluation (go-trust)
| Asset | Algorithm | Size | Protection | Lifecycle |
|---|---|---|---|---|
| X.509 chain verification | PKIX path validation | N/A | Verification-only — no private key material | N/A |
| JWK/x5c public key parsing | Various (per key) | N/A | Verification-only | N/A |
| LoTE JWS verification | JWS (configurable toggle) | N/A | Verification-only | N/A |
| DID Web VH signature verification | EdDSA (eddsa-jcs-2022) | N/A | Verification-only | N/A |
Note: go-trust holds no private key material. It only verifies signatures and certificate chains from trust registries.
Policy Authorization (go-spocp)
No cryptographic operations. Pure S-expression policy matching engine.
Supported Algorithm Suite
| Purpose | Algorithms | Notes |
|---|---|---|
| Credential signing | ES256, ES384, ES512, EdDSA, RS256, RS384, RS512 | ES256 recommended for EUDIW |
| Key agreement | ECDH , ECDH , X25519 | X25519 for DIDComm |
| Key wrapping | AES-KW-256 | RFC 3394 |
| Content encryption | AES-256-GCM, A256CBC-HS512, XC20P | AES-256-GCM primary |
| Key derivation | PBKDF2-SHA256 (600K), HKDF-SHA256 | OWASP-compliant iteration count |
| Digest | SHA-256, SHA-384, SHA-512 | SHA-256 default for MSO/SD-JWT |
| Random | crypto/rand (Go), WebCrypto API (browser) | CSPRNG throughout |
| TLS | TLS 1.2+ (configurable min), TLS 1.3 option | |
Key Hierarchy (Wallet Frontend)
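The wallet-frontend rows of the inventory describe a hierarchy in which a wrapping key derived per unlock (PBKDF2-SHA256 from a password, or HKDF-SHA256 from authenticator PRF output) unwraps the main key with AES-KW, and the main key encrypts the container with AES-256-GCM. The sketch below is an added example, not SIROS ID code: it uses Node's built-in `crypto` module in place of the browser WebCrypto API, and the container field names, the `example-prf-info` label and all inputs are assumptions.

```javascript
// Added example (not wallet-frontend code); Node crypto stands in for WebCrypto.
const nodeCrypto = require('crypto');

const KW_IV = Buffer.alloc(8, 0xa6);   // RFC 3394 default initial value
const PBKDF2_ITERATIONS = 600000;      // "600K iterations" from the inventory

// AES-KW (RFC 3394) wrap or unwrap of key material under a 256-bit wrapping key.
function aesKw(wrappingKey, data, unwrap = false) {
  const make = unwrap ? nodeCrypto.createDecipheriv : nodeCrypto.createCipheriv;
  const c = make('aes256-wrap', wrappingKey, KW_IV);
  return Buffer.concat([c.update(data), c.final()]);
}

// Password path: PBKDF2-SHA256 -> wrapping key, derived per unlock, never stored.
function passwordWrappingKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// PRF path: HKDF-SHA256 over the authenticator's PRF output -> wrapping key.
function prfWrappingKey(prfOutput, salt, info) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', prfOutput, salt, info, 32));
}

// Build a container (hypothetical layout): one random main key, wrapped once
// per unlock method, with the payload under AES-256-GCM keyed by the main key.
function createContainer(password, prfOutput, plaintext) {
  const mainKey = nodeCrypto.randomBytes(32);
  const [pwSalt, prfSalt] = [nodeCrypto.randomBytes(32), nodeCrypto.randomBytes(32)];
  const prfInfo = Buffer.from('example-prf-info'); // assumed label
  const iv = nodeCrypto.randomBytes(12);
  const gcm = nodeCrypto.createCipheriv('aes-256-gcm', mainKey, iv);
  const ciphertext = Buffer.concat([gcm.update(plaintext), gcm.final()]);
  return {
    pwSalt, prfSalt, prfInfo, iv, ciphertext, tag: gcm.getAuthTag(),
    wrappedByPassword: aesKw(passwordWrappingKey(password, pwSalt), mainKey),
    wrappedByPrf: aesKw(prfWrappingKey(prfOutput, prfSalt, prfInfo), mainKey),
  };
}

// Unwrap the main key and decrypt; null on a wrong wrapping key or tampering.
function unlock(container, wrappingKey, wrapped) {
  try {
    const mainKey = aesKw(wrappingKey, wrapped, true);
    const gcm = nodeCrypto.createDecipheriv('aes-256-gcm', mainKey, container.iv);
    gcm.setAuthTag(container.tag);
    return Buffer.concat([gcm.update(container.ciphertext), gcm.final()]);
  } catch (err) {
    return null;
  }
}
```

Only the salts, the wrapped main key and the ciphertext are persisted; both wrapping keys are re-derived at unlock, so a wrong password fails at the AES-KW integrity check before any container data is decrypted.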
Risk Observations
| Observation | Impact | Mitigation Path |
|---|---|---|
| HMAC JWT secrets in config/env (wallet-backend, facetec-api) | Secret exposure if config leaks | Operator: use file-based secrets with restricted permissions; consider vault integration |
| PKCS#11 PIN in YAML config | HSM PIN exposure | Operator: externalize to secrets manager |
| File-based issuer keys (software fallback) | Plaintext PEM at rest | Use HSM mode for production deployments per GEN-7.5-02 |
| No automated rotation for JWT signing secrets | Compromise window | Operator: establish rotation SOP |
| No rotation for wallet credential signing keys | Long-lived key material | Acceptable for credential-bound keys; keys destroyed with wallet |
| Admin token auto-generated but not rotated | Static admin credential | Operator: configure explicit token with rotation schedule |