.. include:: ../abbreviations.txt

Supported security mechanisms
=============================

Supported **security mechanisms** and **protocols** supported by middleware are listed here. They are described in *ICAO* and *eIDAS* specifications.

ICAO security mechanisms
------------------------

- |BAC|
- |PACE| with following contexts are supported:

  - **Generic Mapping** and **Integrated Mapping**
  - **AES** with all key sizes and **3DES**
  - **DH** and **ECDH**
  - **standardized** and **explicit** domain parameters
  - choice among multiple **PACEInfo** and **PACEDomainParameterInfo** SecurityInfo
  - **all credential types**: ``MRZ``, ``CAN``, ``PIN``, ``PUK`` (PIN and PUK are defined in eIDAS specifications)

- Passive Authentication
- Active Authentication
- Chip Authentication v1


eIDAS security mechanisms
-------------------------

- Chip Authentication v2
- Terminal Authentication v1
- Terminal Authentication v2 without *Authorizations Extensions*
- PIN management:

  - Resume PIN
  - Resume PUK
  - Unblock PIN
  - Change PIN
  - Activate PIN
  - Deactivate PIN

Other mechanisms such as *Restricted Identification*, *Pseudonymous Signature* or *Switching of Sessions Contexts* are not supported.