Guidelines on cryptographic algorithms usage and key management

The purpose of this document is to provide guidance to the European payments industry in the field of cryptographic algorithms and related key management issues.

Its target audience includes security officers, risk managers, system engineers and systems designers. Although its content does not assume expertise in cryptology, it contains some sections which require a basic mathematical background.

This document was updated to reflect newsworthy developments in cryptography, including the impacts of the latest progress in cryptanalysis (e.g. on public key cryptography, message authentication codes and hash functions). The update includes a review of the recommendations, which now carry more cross-references to the main body of the document.

Various updates have also been made regarding the usage of some algorithms (e.g., 2TDES, 3TDES), based on recent developments in cryptography since the publication of the last version in 2017. A new section on the recently published TLS v1.3 has been added. The sections on quantum computing considerations and distributed ledger technology have also been reviewed and updated as needed, including new background information.

Finally, the list of references was updated since the last publication of the document in December 2017.
