|
1
|
<?xml version="1.0" encoding="utf-8"?>
|
|
2
|
<TR-03124-2_ICS xmlns="http://www.secunet.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.secunet.com TR-03124-2_ICS_v1.3.xsd" version="1.3">
|
|
3
|
|
|
4
|
<SoftwareVersion>
|
|
5
|
<Name>Open eCard App</Name>
|
|
6
|
<VersionMajor>1</VersionMajor>
|
|
7
|
<VersionMinor>3</VersionMinor>
|
|
8
|
<VersionSubminor>0</VersionSubminor>
|
|
9
|
</SoftwareVersion>
|
|
10
|
|
|
11
|
<Profiles>
|
|
12
|
<CRYPTO enabled="true" />
|
|
13
|
<EAC enabled="true" />
|
|
14
|
<OA enabled="true" />
|
|
15
|
<PAOS enabled="true" />
|
|
16
|
<CCH enabled="true" trIndex_b="0"/><!-- Provide the number of the most recent certificate from the trust store of the test object. -->
|
|
17
|
<PREVERIFICATION enabled="false" includedTrustpoint="false" />
|
|
18
|
<NO_PREVERIFICATION enabled="true" />
|
|
19
|
<HTTP_MESSAGES enabled="false" />
|
|
20
|
<PROXY_CONFIG enabled="false" />
|
|
21
|
<PRESELECT_RIGHTS enabled="false" />
|
|
22
|
<DISABLE_RIGHTS enabled="false" />
|
|
23
|
<ACTION_STATUS enabled="false" />
|
|
24
|
<ACTION_SHOWUI enabled="false" />
|
|
25
|
<ACTION_SHOWUI_SETTINGS enabled="false" />
|
|
26
|
<CLIENT_INTERFACE enabled="false" />
|
|
27
|
<PIN_MANAGEMENT enabled="true" />
|
|
28
|
<USER_INTERFACE enabled="false" />
|
|
29
|
<REFRESH_REDIRECT enabled="true" />
|
|
30
|
<ECAPI_INITFW enabled="false" />
|
|
31
|
<SESSION_RESUMPTION enabled="false" />
|
|
32
|
<NO_SESSION_RESUMPTION enabled="true" />
|
|
33
|
</Profiles>
|
|
34
|
|
|
35
|
<SupportedCryptography> <!-- parameters are covered by certificate -->
|
|
36
|
<TLSchannel_1-2>
|
|
37
|
<TLS-Version version="tls11" enabled="true">
|
|
38
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</CipherSuite>
|
|
39
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</CipherSuite>
|
|
40
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</CipherSuite>
|
|
41
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</CipherSuite>
|
|
42
|
<SupportedCurve>brainpoolP512r1</SupportedCurve>
|
|
43
|
<SupportedCurve>brainpoolP384r1</SupportedCurve>
|
|
44
|
<SupportedCurve>secp384r1</SupportedCurve>
|
|
45
|
<SupportedCurve>brainpoolP256r1</SupportedCurve>
|
|
46
|
<SupportedCurve>secp256r1</SupportedCurve>
|
|
47
|
<SupportedCurve>secp224r1</SupportedCurve>
|
|
48
|
<MinRSAKeyLength>2048</MinRSAKeyLength>
|
|
49
|
<MinDHEKeyLength>2048</MinDHEKeyLength>
|
|
50
|
<SupportedSignatureAlgorithm>SHA512withRSA</SupportedSignatureAlgorithm> <!-- List the content of the extension in the correct order used in ClientHello. -->
|
|
51
|
<SupportedSignatureAlgorithm>SHA384withRSA</SupportedSignatureAlgorithm>
|
|
52
|
<SupportedSignatureAlgorithm>SHA256withRSA</SupportedSignatureAlgorithm>
|
|
53
|
<SupportedSignatureAlgorithm>SHA224withRSA</SupportedSignatureAlgorithm>
|
|
54
|
<SupportedSignatureAlgorithm>SHA512withECDSA</SupportedSignatureAlgorithm>
|
|
55
|
<SupportedSignatureAlgorithm>SHA384withECDSA</SupportedSignatureAlgorithm>
|
|
56
|
<SupportedSignatureAlgorithm>SHA256withECDSA</SupportedSignatureAlgorithm>
|
|
57
|
<SupportedSignatureAlgorithm>SHA224withECDSA</SupportedSignatureAlgorithm>
|
|
58
|
</TLS-Version>
|
|
59
|
|
|
60
|
<TLS-Version version="tls12" enabled="true">
|
|
61
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</CipherSuite>
|
|
62
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</CipherSuite>
|
|
63
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</CipherSuite>
|
|
64
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</CipherSuite>
|
|
65
|
|
|
66
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</CipherSuite>
|
|
67
|
<!-- <CipherSuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</CipherSuite> -->
|
|
68
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</CipherSuite>
|
|
69
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</CipherSuite>
|
|
70
|
|
|
71
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</CipherSuite>
|
|
72
|
<CipherSuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</CipherSuite>
|
|
73
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</CipherSuite>
|
|
74
|
<CipherSuite>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</CipherSuite>
|
|
75
|
|
|
76
|
<SupportedCurve>brainpoolP512r1</SupportedCurve>
|
|
77
|
<SupportedCurve>brainpoolP384r1</SupportedCurve>
|
|
78
|
<SupportedCurve>secp384r1</SupportedCurve>
|
|
79
|
<SupportedCurve>brainpoolP256r1</SupportedCurve>
|
|
80
|
<SupportedCurve>secp256r1</SupportedCurve>
|
|
81
|
<SupportedCurve>secp224r1</SupportedCurve>
|
|
82
|
<MinRSAKeyLength>2048</MinRSAKeyLength>
|
|
83
|
<MinDSAKeyLength>2048</MinDSAKeyLength>
|
|
84
|
<MinDHEKeyLength>2048</MinDHEKeyLength>
|
|
85
|
<SupportedSignatureAlgorithm>SHA512withRSA</SupportedSignatureAlgorithm> <!-- List the content of the extension in the correct order used in ClientHello. -->
|
|
86
|
<SupportedSignatureAlgorithm>SHA384withRSA</SupportedSignatureAlgorithm>
|
|
87
|
<SupportedSignatureAlgorithm>SHA256withRSA</SupportedSignatureAlgorithm>
|
|
88
|
<SupportedSignatureAlgorithm>SHA224withRSA</SupportedSignatureAlgorithm>
|
|
89
|
<SupportedSignatureAlgorithm>SHA512withECDSA</SupportedSignatureAlgorithm>
|
|
90
|
<SupportedSignatureAlgorithm>SHA384withECDSA</SupportedSignatureAlgorithm>
|
|
91
|
<SupportedSignatureAlgorithm>SHA256withECDSA</SupportedSignatureAlgorithm>
|
|
92
|
<SupportedSignatureAlgorithm>SHA224withECDSA</SupportedSignatureAlgorithm>
|
|
93
|
</TLS-Version>
|
|
94
|
</TLSchannel_1-2>
|
|
95
|
|
|
96
|
<TLSchannel_2>
|
|
97
|
<TLS-Version version="tls12" enabled="true">
|
|
98
|
<!-- <CipherSuite>TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384</CipherSuite>
|
|
99
|
<CipherSuite>TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256</CipherSuite>
|
|
100
|
<CipherSuite>TLS_DHE_PSK_WITH_AES_256_GCM_SHA384</CipherSuite>
|
|
101
|
<CipherSuite>TLS_DHE_PSK_WITH_AES_128_GCM_SHA256</CipherSuite>
|
|
102
|
<CipherSuite>TLS_DHE_PSK_WITH_AES_256_CBC_SHA384</CipherSuite>
|
|
103
|
<CipherSuite>TLS_DHE_PSK_WITH_AES_128_CBC_SHA256</CipherSuite> -->
|
|
104
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_256_GCM_SHA384</CipherSuite>
|
|
105
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_128_GCM_SHA256</CipherSuite>
|
|
106
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_256_CBC_SHA384</CipherSuite>
|
|
107
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_128_CBC_SHA256</CipherSuite>
|
|
108
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_256_CBC_SHA</CipherSuite>
|
|
109
|
<SupportedCurve>brainpoolP512r1</SupportedCurve>
|
|
110
|
<SupportedCurve>brainpoolP384r1</SupportedCurve>
|
|
111
|
<SupportedCurve>secp384r1</SupportedCurve>
|
|
112
|
<SupportedCurve>brainpoolP256r1</SupportedCurve>
|
|
113
|
<SupportedCurve>secp256r1</SupportedCurve>
|
|
114
|
<SupportedCurve>secp224r1</SupportedCurve>
|
|
115
|
<!-- <MinDHEKeyLength>2048</MinDHEKeyLength> -->
|
|
116
|
<MinRSAKeyLength>2048</MinRSAKeyLength> <!-- Minimal key length supported by the eID-Client. -->
|
|
117
|
<SupportedSignatureAlgorithm>SHA512withRSA</SupportedSignatureAlgorithm> <!-- List the content of the extension in the correct order used in ClientHello. -->
|
|
118
|
<SupportedSignatureAlgorithm>SHA384withRSA</SupportedSignatureAlgorithm>
|
|
119
|
<SupportedSignatureAlgorithm>SHA256withRSA</SupportedSignatureAlgorithm>
|
|
120
|
<SupportedSignatureAlgorithm>SHA224withRSA</SupportedSignatureAlgorithm>
|
|
121
|
<SupportedSignatureAlgorithm>SHA512withECDSA</SupportedSignatureAlgorithm>
|
|
122
|
<SupportedSignatureAlgorithm>SHA384withECDSA</SupportedSignatureAlgorithm>
|
|
123
|
<SupportedSignatureAlgorithm>SHA256withECDSA</SupportedSignatureAlgorithm>
|
|
124
|
<SupportedSignatureAlgorithm>SHA224withECDSA</SupportedSignatureAlgorithm>
|
|
125
|
</TLS-Version>
|
|
126
|
<TLS-Version version="tls11" enabled="true">
|
|
127
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_256_CBC_SHA384</CipherSuite>
|
|
128
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_128_CBC_SHA256</CipherSuite>
|
|
129
|
<CipherSuite>TLS_RSA_PSK_WITH_AES_256_CBC_SHA</CipherSuite>
|
|
130
|
<MinRSAKeyLength>2048</MinRSAKeyLength> <!-- Minimal key length supported by the eID-Client. -->
|
|
131
|
<SupportedSignatureAlgorithm>SHA512withRSA</SupportedSignatureAlgorithm> <!-- List the content of the extension in the correct order used in ClientHello. -->
|
|
132
|
<SupportedSignatureAlgorithm>SHA384withRSA</SupportedSignatureAlgorithm>
|
|
133
|
<SupportedSignatureAlgorithm>SHA256withRSA</SupportedSignatureAlgorithm>
|
|
134
|
<SupportedSignatureAlgorithm>SHA224withRSA</SupportedSignatureAlgorithm>
|
|
135
|
<SupportedSignatureAlgorithm>SHA512withECDSA</SupportedSignatureAlgorithm>
|
|
136
|
<SupportedSignatureAlgorithm>SHA384withECDSA</SupportedSignatureAlgorithm>
|
|
137
|
<SupportedSignatureAlgorithm>SHA256withECDSA</SupportedSignatureAlgorithm>
|
|
138
|
<SupportedSignatureAlgorithm>SHA224withECDSA</SupportedSignatureAlgorithm>
|
|
139
|
</TLS-Version>
|
|
140
|
</TLSchannel_2>
|
|
141
|
|
|
142
|
<TR-03110>
|
|
143
|
<PACE>PACE-ECDH-GM-AES-CBC-CMAC-128</PACE>
|
|
144
|
<TA>TA-ECDSA-SHA-256</TA>
|
|
145
|
<CA>CA-ECDH-AES-CBC-CMAC-128</CA>
|
|
146
|
</TR-03110>
|
|
147
|
</SupportedCryptography>
|
|
148
|
|
|
149
|
<CardReaderInterfaces>
|
|
150
|
<PCSC supported="false" />
|
|
151
|
<CCID supported="false" />
|
|
152
|
<Embedded supported="true" />
|
|
153
|
</CardReaderInterfaces>
|
|
154
|
|
|
155
|
<ClientTrustStore><!-- Here the exact constellation of the trust store of the eID-Client is required. -->
|
|
156
|
<!-- <Certificate sequenceNumber="0" CAR="DECVCAeID00102" CHR="DECVCAeID00103"/>
|
|
157
|
<Certificate sequenceNumber="1" CAR="DECVCAeID00102" CHR="DECVCAeID00102"/> -->
|
|
158
|
</ClientTrustStore>
|
|
159
|
|
|
160
|
</TR-03124-2_ICS>
|