SID-CRYPTO-03 — AES-256-GCM Encrypted Keystore
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Cryptography Controls |
Description
Wallet private keys and state are encrypted with AES-256-GCM via JWE. Keys are wrapped with AES-KW, with support for asymmetric ECDH-based encapsulation. PBKDF2 (SHA-256, 600K iterations) serves as the password fallback. All random generation uses crypto/rand (Go) and the WebCrypto API (browser).
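
The password-fallback layering described above (PBKDF2 key-encryption key, AES-KW wrapped content key, AES-256-GCM payload) is sketched below as an added example; it is not the project's code. It assumes Node's built-in `crypto` module as a synchronous stand-in for WebCrypto, and the function names, the 16-byte salt and the record layout are hypothetical, not the JWE serialization.

```javascript
// Added example, not project code: password-fallback path of an encrypted keystore.
// Node's crypto module stands in for WebCrypto; names and record layout are hypothetical.
const nodeCrypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000;     // 600K, as stated in the control description
const KW_IV = Buffer.alloc(8, 0xa6);  // default AES-KW initial value (RFC 3394)

// Derive the 256-bit key-encryption key (KEK) from the password.
function deriveKek(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

function sealKeystore(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);  // all randomness comes from the CSPRNG
  const cek = nodeCrypto.randomBytes(32);   // per-record content-encryption key
  const iv = nodeCrypto.randomBytes(12);    // 96-bit GCM nonce, fresh for every seal
  const header = Buffer.from(JSON.stringify({ kdf: 'PBKDF2-SHA256', enc: 'A256GCM' }));

  // Wrap the CEK under the password-derived KEK (32-byte key becomes 40 bytes).
  const kw = nodeCrypto.createCipheriv('aes256-wrap', deriveKek(password, salt), KW_IV);
  const wrappedCek = Buffer.concat([kw.update(cek), kw.final()]);

  // Encrypt the payload; the header is authenticated as AAD but not encrypted.
  const gcm = nodeCrypto.createCipheriv('aes-256-gcm', cek, iv);
  gcm.setAAD(header);
  const ciphertext = Buffer.concat([gcm.update(plaintext), gcm.final()]);
  return { header, salt, wrappedCek, iv, ciphertext, tag: gcm.getAuthTag() };
}

// Returns the plaintext Buffer, or null on a wrong password or any tampering.
function openKeystore(password, box) {
  try {
    const kw = nodeCrypto.createDecipheriv('aes256-wrap', deriveKek(password, box.salt), KW_IV);
    const cek = Buffer.concat([kw.update(box.wrappedCek), kw.final()]);
    const gcm = nodeCrypto.createDecipheriv('aes-256-gcm', cek, box.iv, { authTagLength: 16 });
    gcm.setAAD(box.header);
    gcm.setAuthTag(box.tag);
    return Buffer.concat([gcm.update(box.ciphertext), gcm.final()]);
  } catch (err) {
    return null;  // AES-KW integrity check or GCM tag verification failed
  }
}
```

Both failure paths collapse to the same `null` result, so a caller cannot tell a wrong password from a modified record.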
Components
Source References
Framework Requirements
EUDI Security Requirements: GEN-7.3.2-02, WUG-8.2.1-Fun-01, WUG-8.2.1-Sec-02, WUM-8.2.2-Sec-11, WIN-8.4.1-Sec-01, WIN-8.4.4-01, WSA-8.5-07
FitCEM Wallet Instance: FIT-DS-01, FIT-DS-02, FIT-DS-13, FIT-CR-01, FIT-AU-11
ISO 27001 Annex A: A.5.17, A.5.33, A.7.10, A.8.24
GDPR Checklist: Take data protection into account at all times, Encrypt, pseudonymize, or anonymize
OWASP ASVS 4.0.3 Level 3: V1.6, V6.1
STRIDE Threat Model: TR-S-2