fix: RSA removed, according to #164

docs/en/algorithms.rst

@@ -14,10 +14,13 @@ The following algorithms MUST be supported:
   * - **Algorithm**
     - **Operations**
     - **References**
-  * - **RS256** 
+  * - **ES256** 
+    - Signature
+    - :rfc:`7518`.
+  * - **ES384** 
     - Signature
     - :rfc:`7518`.
-  * - **RS512**
+  * - **ES256**
     - Signature
     - :rfc:`7518`.
   * - **RSA-OAEP**
@@ -42,12 +45,6 @@ The following algorithms are RECOMMENDED to be supported:
   * - **Algorithm**
     - **Operations**
     - **References**
-  * - **ES256** 
-    - Signature
-    - :rfc:`7518`.
-  * - **ES512**
-    - Signature
-    - :rfc:`7518`.
   * - **PS256** 
     - Signature
     - :rfc:`7518`.
@@ -89,10 +86,5 @@ The following algorithms MUST NOT be supported:
     - Signature
     - :rfc:`7518`.
 
-.. warning:: 
-
-  The length of the RSA keys MUST be equal to or greater than 2048 bits.
-  A length of 4096 bits is RECOMMENDED.
-
 
 

docs/en/pid-eaa-data-model.rst

@@ -253,7 +253,7 @@ The corresponding SD-JWT verson for PID is given by
 
   {
      "typ":"vc+sd-jwt",
-     "alg":"RS512",
+     "alg":"ES256",
      "kid":"dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
      "trust_chain" : [
       "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
@@ -273,12 +273,12 @@ The corresponding SD-JWT verson for PID is given by
     "status": "https://pidprovider.example.org/status",
     "cnf": {
       "jwk": {
-        "kty": "RSA",
-        "use": "sig",
-        "n": "1Ta-sE …",
-        "e": "AQAB",
-        "kid": "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
-      }
+          "crv": "P-256",
+          "kty": "EC",
+          "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+          "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+          "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
+        }
     },
     "type": "PersonIdentificationData",
     "verified_claims": {
@@ -422,7 +422,7 @@ The corresponding SD-JWT for the previous data is represented as follow, as deco
 
   {
      "typ":"vc+sd-jwt",
-     "alg":"RS512",
+     "alg":"ES256",
      "kid":"d126a6a856f7724560484fa9dc59d195",
      "trust_chain" : [
       "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
@@ -442,12 +442,11 @@ The corresponding SD-JWT for the previous data is represented as follow, as deco
     "status": "https://issuer.example.org/status",
     "cnf": {
       "jwk": {
-        "kty": "RSA",
-        "e": "AQAB",
-        "use": "sig",
-        "kid": "d126a6a856f7724560484fa9dc59d195",
-        "alg": "RS256",
-        "n": "oians5wYCWk4wFtEStVYcn_xOw9edKMNGH33_q6_pBI0XaTY7P3apUgjO0ivk5c1NQAVY6PZmcPQ8P1Y0cBAC9STRmzvTvDQcOocLhVy2ZlcXTu39oOGLNra8_LQsaMA386lO_qMW4-uY6DbGZY4vHkScvAC9FIZYDPafqWBEQUNV2QOFMH5VPoihCTKHwMGXnZBatYObg57xSOUX-bvhO_sFMm3k4RvsXcr3MFojAhLfwutu_jK9k7N9KR_mNc5IpiOyhZw_sUmF6SamRqsSPp42KD10hPMW0YJTDMYxBdHrMFeSMHYIMY4oBBT43__a55zILI_CnIk4241wOvGvw"
+        "crv": "P-256",
+        "kty": "EC",
+        "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+        "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+        "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
       }
     },
     "type": "HealthInsuranceData",

docs/en/pid-eaa-issuance.rst

@@ -130,7 +130,7 @@ Below a non-normative example of the PAR.
     &client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$
     &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
     &code_challenge_method=S256
-    &request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KIC Jpc3MiOiAiczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbSIsDQo gInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWVudF9pZCI6ICJzNkJoZFJrcXQz IiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vY2xpZW50LmV4YW1...
+    &request=$SIGNED-JWT
     &client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation
     &client_assertion=$WIA~WIA-PoP 
 
@@ -901,7 +901,7 @@ Below is a non-normative example of an Entity Configuration containing an `openi
 
       {
 
-        "alg": "RS256",
+        "alg": "ES256",
         "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
         "typ": "entity-statement+jwt"
 
@@ -913,13 +913,15 @@ Below is a non-normative example of an Entity Configuration containing an `openi
         "iss": "https://pid-provider.example.org",
         "sub": "https://pid-provider.example.org",
         "jwks": {
-          "keys": [{
-            "kty": "RSA",
-            "use": "sig",
-            "n": "1Ta-sE …",
-            "e": "AQAB",
-            "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
-          }]
+          "keys": [
+            {
+                "crv": "P-256",
+                "kty": "EC",
+                "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+                "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+                "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
+            }
+          ]
         },
         "authority_hints": ["https://superior-entity.example.org/federation"],
         "metadata": {
@@ -928,7 +930,7 @@ Below is a non-normative example of an Entity Configuration containing an `openi
             "authorization_endpoint": "https://pid-provider.example.org/connect/authorize",
             "token_endpoint": "https://pid-provider.example.org/connect/token",
             "pushed_authorization_request_endpoint": "https://pid-provider.example.org/connect/par",
-            "dpop_signing_alg_values_supported": ["RS256", "RS512", "ES256", "ES512"],
+            "dpop_signing_alg_values_supported": ["ES256", "ES512"],
             "credential_endpoint": "https://pid-provider.example.org/credential",
              "jwks": {
                "keys": [
@@ -945,7 +947,7 @@ Below is a non-normative example of an Entity Configuration containing an `openi
                 "format": "vc+sd-jwt",
                 "id": "eudiw.pid.it",
                 "cryptographic_binding_methods_supported": ["jwk"],
-                "cryptographic_suites_supported": ["RS256", "RS512", "ES256", "ES512"],
+                "cryptographic_suites_supported": ["ES256", "ES512"],
                 "display": [{
                     "name": "PID Provider Italiano di esempio",
                     "locale": "it-IT",

docs/en/relying-party-solution.rst

@@ -506,7 +506,7 @@ Below is a non-normative response example:
 .. code-block:: text
 
     {
-        "alg": "RS256",
+        "alg": "ES256",
         "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
         "typ": "entity-statement+jwt"
     }
@@ -519,9 +519,11 @@ Below is a non-normative response example:
         "jwks": {
             "keys": [
                 {
-                    "kty": "RSA",
-                    "n": "5s4qi …",
-                    "e": "AQAB",
+                    "kty": "EC",
+                    "crv": "P-256",
+                    "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
+                    "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY",
+                    "x5c": [ <X.509 certificate> ]
                     "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
                 }
             ]
@@ -534,10 +536,11 @@ Below is a non-normative response example:
                 "jwks": {
                     "keys": [
                         {
-                            "kty": "RSA",
+                            "kty": "EC",
                             "use": "sig",
-                            "n": "1Ta-sE …",
-                            "e": "AQAB",
+                            "crv": "P-256",
+                            "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
+                            "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY",
                             "kid": "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
                             "x5c": [ "..." ]
                         }
@@ -676,8 +679,8 @@ Below is a non-normative response example:
 
                 // JARM related
                 "authorization_signed_response_alg": [[
-                    "RS256",
-                    "ES256"
+                    "ES256",
+                    "ES384"
                 ],
                 "authorization_encrypted_response_alg": [
                     "RSA-OAEP",
@@ -696,8 +699,8 @@ Below is a non-normative response example:
                 "subject_type": "pairwise",
                 "require_auth_time": true,
                 "id_token_signed_response_alg": [
-                    "RS256",
-                    "ES256"
+                    "ES256",
+                    "ES384"
                 ],
                 "id_token_encrypted_response_alg": [
                     "RSA-OAEP",

docs/en/trust.rst

@@ -186,7 +186,7 @@ Below is a non-normative example of a Trust Anchor Entity Configuration, where e
 .. code-block:: text
 
     {
-        "alg": "RS256",
+        "alg": "ES256",
         "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc",
         "typ": "entity-statement+jwt"
     }
@@ -198,13 +198,6 @@ Below is a non-normative example of a Trust Anchor Entity Configuration, where e
         "sub": "https://registry.eidas.trust-anchor.example.eu",
         "jwks": {
             "keys": [
-                {
-                    "kty": "RSA",
-                    "n": "3i5vV-_ …",
-                    "e": "AQAB",
-                    "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc",
-                    "x5c": [ <X.509 Root CA certificate> ]
-                },
                 {
                     "kty": "EC",
                     "kid": "X2ZOMHNGSDc4ZlBrcXhMT3MzRmRZOG9Jd3o2QjZDam51cUhhUFRuOWd0WQ",
@@ -400,7 +393,7 @@ Below there is a non-normative example of an Entity Statement issued by an Accre
 .. code-block:: text
 
     {
-        "alg": "RS256",
+        "alg": "ES256",
         "kid": "em3cmnZgHIYFsQ090N6B3Op7LAAqj8rghMhxGmJstqg",
         "typ": "entity-statement+jwt"
     }