REQ.151 Separate keys for encryption and signatures

This document details the security requirements related to the definition and management of cryptographic systems. This requirement establishes the importance of using asymmetric cryptography with different keys for encryption and for signatures.

Requirement

The system must use asymmetric cryptography with separate keys for encryption and signatures.
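
One way to check this requirement against a key inventory, as an added example that is not part of the original requirement page. It assumes the keys are described as a JSON Web Key Set (RFC 7517), whose `use` and `key_ops` members declare each key's purpose; the sample key set and the function names are constructed for illustration.

```python
import json

SIGN_OPS = {"sign", "verify"}
# Key wrapping and key agreement are counted with encryption here.
ENC_OPS = {"encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"}

# Constructed sample JWKS (values are placeholders, not real key material).
SAMPLE_JWKS = json.loads("""
{"keys": [
  {"kid": "sig-2024", "kty": "RSA", "use": "sig", "n": "AAAA", "e": "AQAB"},
  {"kid": "enc-2024", "kty": "RSA", "use": "enc", "n": "BBBB", "e": "AQAB"},
  {"kid": "legacy", "kty": "RSA", "n": "CCCC", "e": "AQAB",
   "key_ops": ["sign", "decrypt"]},
  {"kid": "enc-copy", "kty": "RSA", "use": "enc", "n": "AAAA", "e": "AQAB"},
  {"kid": "untagged", "kty": "EC", "crv": "P-256", "x": "DDDD", "y": "EEEE"}
]}
""")

def purposes(jwk):
    """Return the set of purposes ('sig', 'enc') a JWK declares."""
    ops = set(jwk.get("key_ops", []))
    found = {jwk["use"]} if jwk.get("use") in ("sig", "enc") else set()
    found |= {"sig"} if ops & SIGN_OPS else set()
    found |= {"enc"} if ops & ENC_OPS else set()
    return found

def material(jwk):
    """Public key material identifying an asymmetric key regardless of its kid."""
    fields = {"RSA": ("n", "e"), "EC": ("crv", "x", "y"), "OKP": ("crv", "x")}
    names = fields.get(jwk.get("kty"))
    return None if names is None else (jwk["kty"],) + tuple(jwk.get(f) for f in names)

def audit(jwks):
    """Return sorted (kid, finding) pairs for keys that break key separation."""
    findings, seen = [], {}
    for jwk in jwks["keys"]:
        kid, declared, key = jwk.get("kid", "<no kid>"), purposes(jwk), material(jwk)
        if not declared:
            findings.append((kid, "no declared purpose"))
        elif len(declared) > 1:
            findings.append((kid, "declared for both signing and encryption"))
        # The same key pair republished under another kid for the other purpose.
        for other_kid, other in seen.get(key, []):
            if declared and other and declared != other:
                findings.append((kid, f"same key material as {other_kid} with a different purpose"))
        if key is not None:
            seen.setdefault(key, []).append((kid, declared))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{kid}: {finding}" for kid, finding in audit(SAMPLE_JWKS)))
```

A key with no declared purpose is reported because nothing stops a consumer from using it for both operations.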

References

  1. OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.