SID-CRYPTO-02 — PRF Extension Key Derivation

Property	Value
Status	verified
Owner	platform
Category	technical
CSF Function	protect
Group	Cryptography Controls

Description

WebAuthn PRF extension derives encryption keys from authenticator secrets using salt-based HKDF. Provides hardware-backed key material that never leaves the authenticator. Supports both legacy symmetric wrap (AES-KW) and upgraded asymmetric encapsulation (ECDH).

Components

Wallet Frontend
WSCA / HSM

Source References

wallet-frontend/keystore.ts

Audit Findings

Finding	Severity	Status
EN-S-2 — Partial asset classification and cryptographic documentation	medium	in progress
EN-P-5 — Partial user authentication and session controls	high	in progress
EN-P-6 — Partial key management and credential operations	medium	in progress
ISO-T-5 — Partial endpoint and privileged access controls	medium	open

Description​

Components​

Source References​

Audit Findings​

Description

Components

Source References

Audit Findings