Cryptography

Hash Algorithms

The system supports the following hash algorithms for computing hash values of item contents, item headers, and access keys.

• SHA-256

Symmetric-key Algorithms

The system supports the following symmetric-key algorithms for encryption and decryption of item contents and item headers.

• AES (Rijndael)

The AES keys must be 256 bits in length.

Asymmetric-key Algorithms

The system supports the following asymmetric-key algorithms for request authentication and the exchange of symmetric keys.

• RSA

The RSA key must be at least 2048 bits in length. The encryption and decryption processes must use Optimal asymmetric encryption padding (OAEP).

Certificates

The system uses public key certificates to encrypt data prior to transmission to the IRB Exchange, as well as using the private key to sign each request that is sent to the IRB Exchange. To support this level of security, it is required that each organization registers a public key certificate.

Certificate Authorities

A certificate must be signed by a trusted certificate authority, such as those in the following list. Self signed certificates will not be accepted.

• Symantec
• Comodo
• GoDaddy
• GlobalSign
• DigiCert
• StartCom
• Entrust
• Trustwave

Certificate File Formats

The certificate must be provided in one of the following file formats:

• PEM
• DER
• CER