SID-CRYPTO-02 — PRF Extension Key Derivation
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Cryptography Controls |
Description
The WebAuthn PRF extension derives encryption keys from authenticator secrets using salt-based HKDF. This provides hardware-backed key material that never leaves the authenticator. Both the legacy symmetric wrap (AES-KW) and the upgraded asymmetric encapsulation (ECDH) are supported.
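The symmetric path described above, as an added example that is not the project's own code: a PRF output is run through salted HKDF to obtain a key-encryption key, which then wraps and unwraps a main key with AES-KW. The use of Node's crypto module, SHA-256, the info label, the function names and all byte values are assumptions or constructed data.

```javascript
// Added example, symmetric (AES-KW) path only. SHA-256, the info label and
// all byte values are assumptions or constructed data, not project values.
const crypto = require("crypto");

const AES_KW_IV = Buffer.from("A6A6A6A6A6A6A6A6", "hex"); // RFC 3394 default IV
const HKDF_INFO = Buffer.from("example-wallet/prf-kek/v1"); // hypothetical label

// HKDF over the PRF output returned by the authenticator, with a stored salt.
function deriveKek(prfOutput, hkdfSalt) {
  if (prfOutput.length !== 32) throw new Error("expected a 32-byte PRF output");
  if (hkdfSalt.length < 16) throw new Error("HKDF salt shorter than 16 bytes");
  return Buffer.from(crypto.hkdfSync("sha256", prfOutput, hkdfSalt, HKDF_INFO, 32));
}

// AES-KW wraps the wallet's main key under the derived key-encryption key.
function wrapMainKey(kek, mainKey) {
  const cipher = crypto.createCipheriv("aes256-wrap", kek, AES_KW_IV);
  return Buffer.concat([cipher.update(mainKey), cipher.final()]);
}

// Returns null when the AES-KW integrity check fails (wrong KEK or tampering).
function unwrapMainKey(kek, wrapped) {
  try {
    const decipher = crypto.createDecipheriv("aes256-wrap", kek, AES_KW_IV);
    return Buffer.concat([decipher.update(wrapped), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed inputs standing in for one registered credential.
function demo() {
  const prfOutput = Buffer.alloc(32, 0x11);      // constructed PRF result
  const otherPrfOutput = Buffer.alloc(32, 0x22); // a different authenticator
  const hkdfSalt = Buffer.alloc(32, 0x33);       // constructed stored salt
  const mainKey = Buffer.alloc(32, 0x44);        // constructed key to protect

  const wrapped = wrapMainKey(deriveKek(prfOutput, hkdfSalt), mainKey);
  return {
    wrappedLength: wrapped.length,
    sameAuthenticator: unwrapMainKey(deriveKek(prfOutput, hkdfSalt), wrapped),
    otherAuthenticator: unwrapMainKey(deriveKek(otherPrfOutput, hkdfSalt), wrapped),
    mainKey,
  };
}
```

AES-KW carries its own integrity check, so a key-encryption key derived from a different PRF output or salt fails to unwrap instead of yielding a wrong main key.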
Components
- Wallet Frontend
- WSCA / HSM
Source References
Framework Requirements
EUDI Security Requirements: GEN-7.3.2-02, WPS-8.1.2-Fun-01, WUG-8.2.1-Sec-02, WUH-8.3.1-Sec-07, WSA-8.5-06
FitCEM Wallet Instance: FIT-DS-01, FIT-DS-10, FIT-DS-13, FIT-AU-07
ISO 27001 Annex A: A.5.17, A.8.1, A.8.24
GDPR Checklist: Take data protection into account at all times, Encrypt, pseudonymize, or anonymize
OWASP ASVS 4.0.3 Level 3: V1.6