CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256

Specifies that communications between the reader and the prover are secured with a cipher suite built from the following primitives:

  • ECKA-DH (Elliptic Curve Key Agreement Algorithm - Diffie-Hellman, see BSI TR-03111).
  • HKDF-SHA-256 (see RFC 5869).
  • AES-256-GCM (see NIST SP 800-38D).
  • HMAC-SHA-256 (see RFC 2104).

The exact way these primitives are combined to derive the session key is specified in section 9.2.1.4 of ISO/IEC 18013-5 (see description of cipher suite '1').

At present this is the only supported cipher suite.
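The sketch below is an added example, not code from this page or from the API it documents. It shows how an ECKA-DH shared secret can be turned into two direction-specific AES-256-GCM keys with HKDF-SHA-256. The salt (SHA-256 of a session transcript), the info labels "SKReader" and "SKDevice", and all function and sample names are assumptions made for illustration; the normative construction is the one in ISO/IEC 18013-5.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-SHA-256 cannot produce more than 8160 bytes")
    # Extract: an empty salt is replaced by HashLen zero bytes (RFC 5869, 2.2).
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    # Expand: T(n) = HMAC(PRK, T(n-1) || info || n), concatenated and truncated.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(shared_secret: bytes, session_transcript: bytes) -> dict:
    """Derive one 256-bit key per direction from the key-agreement output.

    Assumed parameters (not stated on this page): the salt is the SHA-256
    digest of the session transcript, and the info labels are "SKReader"
    and "SKDevice". Separate keys per direction keep the two sides from
    ever encrypting under the same AES-GCM key and nonce.
    """
    salt = hashlib.sha256(session_transcript).digest()
    return {
        "reader": hkdf_sha256(shared_secret, salt, b"SKReader", 32),
        "device": hkdf_sha256(shared_secret, salt, b"SKDevice", 32),
    }


# Constructed sample inputs; a real shared secret comes from ECKA-DH.
SAMPLE_SECRET = bytes(range(32))
SAMPLE_TRANSCRIPT = b"constructed-session-transcript"

if __name__ == "__main__":
    for role, key in derive_session_keys(SAMPLE_SECRET, SAMPLE_TRANSCRIPT).items():
        print(role, key.hex())
```

Because the transcript feeds the salt, both parties arrive at the same keys only if they agree on the session transcript as well as on the shared secret.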