AS 2805.6.1.4:2009 Electronic funds transfer – Requirements for interfaces
Asymmetric cryptosystems include asymmetric ciphers, digital signature systems and key agreement systems. In financial services systems, asymmetric cryptosystems are used predominantly for key management; firstly for the management of the keys of symmetric ciphers, and secondly for the management of the keys of the asymmetric cryptosystems themselves. This clause describes these applications of asymmetric cryptosystems.
Clause 5 describes the techniques employed in support of these applications relating to key management services and certificate management. Clause 6 describes how these techniques and methods are used in relation to the security and implementation requirements for the key pair life cycle.
The public key of an asymmetric key pair needs to be distributed to, and stored by, one or more users for subsequent use as an encipherment key and/or signature verification key, or for use in a key agreement mechanism. Although this key need not be protected from disclosure, the distribution and storage procedures shall ensure that key authenticity and integrity is maintained as defined in 5.6.1.
Asymmetric key pairs should not be used for multiple purposes. However, if a key pair is used for multiple purposes, e.g. digital signatures and encipherment, then special key separation techniques shall be employed which ensure that the system is not open to attack by transformations using the key pair. The selected techniques shall be implemented in an SCD. The functionality of the cryptographic device shall ensure that the implementation of a technique is such that the intended purpose of the technique is achieved.
Encipherment of a symmetric key using the public key of an asymmetric cipher is typically used for the distribution of that key using a non-secure channel. The enciphered key may be a working key, or may itself be a KEK. Thus, mixed key hierarchies, as described in ISO 11568-2, may be created which incorporate the keys of both symmetric and asymmetric ciphers.
The symmetric key shall be formatted into a data block appropriate to the encipherment operation. As the block size of asymmetric ciphers tends to be larger than the key size of symmetric ciphers, it is usually possible to include more than one key in the data block for encipherment. Additionally, formatting information, random padding and redundancy characters shall be incorporated in the data block (see ISO/IEC 18033-2).