Guidelines on cryptographic algorithms usage and key management

Guidelines on cryptographic algorithms usage and key management

18 January 19

Share This

Today the published a new version of the Guidelines on cryptographic algorithms usage and key management in order to provide guidance to the European payments industry, more precisely to security officers, risk managers, system engineers and systems designers. Although its content does not assume expertise in cryptology, it contains some sections which require a basic mathematical background.

This document was updated to reflect newsworthy developments in cryptography, including the impacts of the latest progress in cryptanalysis (e.g. on public key cryptography, message authentication codes and hash functions). This includes a review of the recommendations with the inclusion of more cross-references to the main body of the document.

Moreover, various updates have been made regarding the usage of some algorithms (e.g., 2TDES, 3TDES) based on recent developments in cryptography since the publication of the last version in 2017. Also, a new section on the recently published TLS v1.3 has been added. In addition, the sections on quantum computing considerations and distributed ledger technology have been reviewed and updated as needed, including new background information. The list of references was updated since the last publication of the document in December 2017.

In producing these guidelines, the aims to provide a reference basis to support payment service providers. However, it needs to be recognised that research and developments in cryptology are constantly evolving. Therefore, the plans to annually review and update the document to reflect the state of the art in light of major new developments and to keep it aligned with the documents referenced.

Guidelines on cryptographic algorithms usage and key management



Your reactions

If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.