Supported security mechanisms

The security mechanisms and protocols supported by the middleware are listed here. They are described in the ICAO and eIDAS specifications.

ICAO security mechanisms

  • BAC

  • PACE, supported in the following contexts:

    • Generic Mapping and Integrated Mapping

    • AES with all key sizes and 3DES

    • DH and ECDH

    • standardized and explicit domain parameters

    • choice among multiple PACEInfo and PACEDomainParameterInfo SecurityInfo

    • all credential types: MRZ, CAN, PIN, PUK (PIN and PUK are defined in eIDAS specifications)

  • Passive Authentication

  • Active Authentication

  • Chip Authentication v1

eIDAS security mechanisms

  • Chip Authentication v2

  • Terminal Authentication v1

  • Terminal Authentication v2 without Authorization Extensions

  • PIN management:

    • Resume PIN

    • Resume PUK

    • Unblock PIN

    • Change PIN

    • Activate PIN

    • Deactivate PIN

Other mechanisms, such as Restricted Identification, Pseudonymous Signature or Switching of Session Contexts, are not supported.