While our open source crypto library offers many cryptographic methods to choose from, E3Kit uses a curated subset of them, packaged into high-level methods, to provide the simplest and most secure end-to-end encryption.

Here's a list of the algorithms used by each high-level cryptographic method:

Registration (eThree.register)

Cryptographically strong random to generate key
ED25519 (RFC8032) to sign card

Encryption and Signing (eThree.encrypt)

Cryptographically strong random to generate symmetric key
ED25519 (RFC8032) to sign data
AES256 CBC (NIST SP 800-38D) for key wrapping
AES256 GCM (RFC3602) to encrypt data
Curve25519 (RFC7748) to generate shared secret
KDF2 (RFC2898) to derive keys

Decryption and Verification (eThree.decrypt)

ED25519 (RFC8032) to verify signature
AES256 CBC (NIST SP 800-38D) for key wrapping
AES256 GCM (RFC3602) to decrypt data
Curve25519 (RFC7748) to generate shared secret
KDF2 (RFC2898) to derive keys

Private Key Backup (eThree.backupPrivateKey)

The algorithms listed above in the Encryption and Signing (eThree.encrypt) section, plus:
BLS12-381 (RFC) (Pythia)

Private Key Restore (eThree.restorePrivateKey)

The algorithms listed above in the Decryption and Verification (eThree.decrypt) section, plus:
BLS12-381 (RFC) (Pythia)
