From 94d034b820f0c1d4357d13e93145c4d4ba182b20 Mon Sep 17 00:00:00 2001 From: AssahBismarkabah Date: Mon, 15 Jul 2024 16:40:27 +0100 Subject: [PATCH] update security whitepaper with release note --- SECURITY.WHITEPAPER.md | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/SECURITY.WHITEPAPER.md b/SECURITY.WHITEPAPER.md index 8c8af109e..4de1f62d1 100644 --- a/SECURITY.WHITEPAPER.md +++ b/SECURITY.WHITEPAPER.md @@ -27,18 +27,18 @@ CMS Encryption: With the latest release, Datasafe has transitioned from RSA to Elliptic Curve Cryptography (ECC) to enhance security and performance. This section details the new ECC implementation: -### Encryption and Signing +#### Encryption and Signing - **Encryption Algorithm**: ECDH (Elliptic Curve Diffie-Hellman) with curve `secp256r1`. - **Signing Algorithm**: SHA256withECDSA (Elliptic Curve Digital Signature Algorithm) with curve `secp256r1`. -### Benefits of ECC +#### Benefits of ECC - **Security**: ECC offers stronger security per bit compared to RSA, making it more resistant to cryptographic attacks. - **Performance**: ECC algorithms generally require less computational power and are faster. - **Key Size**: ECC achieves comparable security to RSA with much smaller key sizes (256 bits for ECC vs. 2048 bits for RSA), resulting in reduced storage and transmission requirements. -### Implementation Details +#### Implementation Details
Dynamically choosing between RSA and ECC @@ -57,6 +57,25 @@ in the updated implementation, the getRecipientInfoGenerator method dynamically
+## Release Notes + +##### ECC Integration + +#### Added +- **Elliptic Curve Cryptography (ECC)**: + - Implemented ECC for improved security and performance. + - Encryption Algorithm: ECDH (Elliptic Curve Diffie-Hellman) with curve `secp256r1`. + - Signing Algorithm: SHA256withECDSA (Elliptic Curve Digital Signature Algorithm) with curve `secp256r1`. + +#### Changed +- **Encryption and Signing**: + - Transitioned from RSA to ECC, enhancing security and reducing key sizes. + +#### Improved +- **Security**: + - ECC offers stronger security per bit compared to RSA. +- **Key Size Reduction**: + - ECC achieves comparable security to RSA with much smaller key sizes, reducing storage and transmission requirements. ## General information Datasafe is a flexible encryption library. It uses different encryption algorithms. They can be configured by client application. Under the hood Datasafe uses BouncyCastle library to perform encryption.
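Review bot: In the first hunk (`@@ -27,18 +27,18 @@`), the three headings "Encryption and Signing", "Benefits of ECC" and "Implementation Details" are demoted from `###` to `####`, but the heading they are meant to nest under is not visible in the hunk, and the commit subject mentions only the release note. Please confirm the parent ECC section heading is level 3, so these become its direct children, and mention the restructuring in the commit message. While touching this block: the context line "Dynamically choosing between RSA and ECC" reads like a sub-heading but carries no heading marker, so it will render as body text under "Implementation Details". If it is meant as a heading, mark it as one in this change.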
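Review bot: In the second hunk (`@@ -57,6 +57,25 @@`), the new heading levels are out of order: `## Release Notes` is followed by `##### ECC Integration` and then `#### Added`, `#### Changed` and `#### Improved`, so the level-5 title outranks nothing and the level-4 sections that should sit under it render above it in the outline. Suggest `### ECC Integration` with `####` subsections. Three content points on the same added lines. First, "Transitioned from RSA to ECC" conflicts with the context in the first hunk ("Dynamically choosing between RSA and ECC"). If RSA keys are still supported, say ECC is now supported or the default instead of implying RSA was removed. Second, ECDH is listed as the "Encryption Algorithm", but ECDH is a key agreement scheme. Name the content-encryption algorithm it is paired with, or relabel the line as key agreement. Third, the release notes carry no version number or date, and the section is inserted at level 2 between the ECC details and `## General information`, which splits the whitepaper. Consider moving it to a changelog or to the end of the document, and tie it to a release identifier.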