While our open source crypto library provides many cryptographic methods to choose from, E3Kit uses a curated subset of them, packaged into high-level methods, to provide the simplest and most secure end-to-end encryption.
Here's a list of the algorithms used by each high-level cryptographic method:
Registration (eThree.register)
Cryptographically strong random to generate key
ED25519 (RFC8032) to sign card
Encryption and Signing (eThree.encrypt)
Cryptographically strong random to generate symmetric key
ED25519 (RFC8032) to sign data
AES256 CBC (NIST SP 800-38D) for key wrapping
AES256 GCM (RFC3602) to encrypt data
Curve25519 (RFC7748) to generate shared secret
KDF2 (RFC2898) to derive keys
Decryption and Verification (eThree.decrypt)
ED25519 (RFC8032) to verify signature
AES256 CBC (NIST SP 800-38D) for key wrapping
AES256 GCM (RFC3602) to decrypt data
Curve25519 (RFC7748) to generate shared secret
KDF2 (RFC2898) to derive keys
Private Key Backup (eThree.backupPrivateKey)
The algorithms listed above in the Encryption and Signing (eThree.encrypt) section, plus:
BLS12-381 (RFC) (Pythia)
Private Key Backup (eThree.restorePrivateKey)
The algorithms listed above in the Decryption and Verification (eThree.decrypt) section, plus:
BLS12-381 (RFC) (Pythia)