
SID-KEY-03 — WSCD Client Library with rawSign API

Property: Value
Owner: platform
Category: technical
CSF Function: protect
Group: Key Management Controls

Description

The Wallet Secure Cryptographic Device (WSCD) is provided through a client library that exposes the rawSign extension as its unified API. The library supports multiple backends (plugins):

Local WSCD — FIDO rawSign (YubiKey 5.8+): FIDO roaming authenticators with native rawSign support (e.g. YubiKey firmware ≥5.8). Signing keys are generated and held inside the FIDO authenticator hardware; they never enter browser memory. Each signing operation requires an explicit user gesture. Certified FIDO security keys can satisfy AVA_VAN.5 attack potential requirements. The authenticator serves as both the WSCD (secure key storage) and WSCA (cryptographic application). This option requires certification of the authenticator hardware.

Remote WSCD — R2PS protocol (SCAL2): Remote PAKE-Protected Signing using the R2PS protocol (DIGG R2PS specification). The R2PS client implements the rawSign trait backed by remote HSM signing via OPAQUE-authenticated sessions with JWS/JWE message wrapping. Server-side PKCS#11/HSM key operations ensure keys never leave the HSM boundary. OPAQUE provides server-side PIN validation with attempt counters, satisfying SCAL2 sole-control requirements under EN 419 241-2. This option can be deployed immediately as the HSM infrastructure is already available.

Design target: The combination of a remote option (R2PS) that can be deployed immediately and a local option (FIDO rawSign) that will require more time to certify provides a phased rollout strategy for EUDI wallet WSCD compliance.

Components

Source References

Framework Requirements

EUDI Security Requirements: WUG-8.2.1-Sec-02, WUM-8.2.2-Sec-11, WUP-8.2.3-Fun-09, WUH-8.3.1-Sec-07, WUH-8.3.1-Sec-08, WUH-8.3.1-Sec-10, WSA-8.5-01, WSA-8.5-02, WSA-8.5-06, WSA-8.5-08, CS-I.3-WSCA

FitCEM Wallet Instance: FIT-CR-02, FIT-AU-03, FIT-AU-07, FIT-AU-08, FIT-AU-09, FIT-AU-14, FIT-AU-15, FIT-NF-08