The WvdS Crypto Service meets the requirements of the following standards and regulations.
The NIS2 Directive (Network and Information Security 2) has been in effect since January 2023 and must be transposed into national law by October 2024.
| Requirement | WvdS Implementation |
| --- | --- |
| (a) Risk analysis | Documented threat analysis |
| (b) Security incident handling | Logging, audit trail |
| (d) Supply chain security | OpenSSL FIPS-validated |
| (h) Cryptography | Post-Quantum algorithms |
| (i) Access control | L4Re Capability System |
Critical infrastructure operators (energy, transport, health, water, digital infrastructure) must comply with NIS2.
The WvdS Crypto Service is designed for these sectors.
Technical guideline from the German Federal Office for Information Security for cryptographic requirements in eHealth systems.
| Category | Allowed | WvdS |
| --- | --- | --- |
| Symmetric | AES-256-GCM | ✓ |
| Signature | ECDSA, RSA-PSS | ML-DSA (PQC) |
| Key Exchange | ECDH | ML-KEM (PQC) |
| Hash | SHA-256, SHA-384 | ✓ (internal) |
BSI TR-03116-4 recommends gradual migration to post-quantum algorithms from 2025. The WvdS Crypto Service is prepared for this.
The WvdS Crypto Service uses OpenSSL 3.6 with the FIPS Provider.
| Module | Certificate |
| --- | --- |
| OpenSSL 3.0 FIPS Provider | #4282 (in process for 3.6) |
FIPS mode is enabled by default. Verification:
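```c
// In your code (the check itself belongs inside a function)
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/provider.h>   // declares OSSL_PROVIDER_available()

// NULL selects the default library context
if (OSSL_PROVIDER_available(NULL, "fips")) {
    printf("FIPS Provider active\n");
}
```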
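An audit check that complements the verification above, as an added example that is not part of the WvdS documentation: `OSSL_PROVIDER_available()` confirms that a provider named `fips` is available but not which build it is, and the certificate table lists the 3.0 FIPS Provider with 3.6 still in process. The script reads `openssl list -providers` output; the function names are hypothetical, the listings are constructed, and the `3.0` prefix is taken from that table.

```shell
# Added example, not part of the WvdS documentation; function names are
# hypothetical and the sample listings are constructed.
# Read `openssl list -providers` output on stdin; print the version of the
# "fips" provider if its status is "active", otherwise return non-zero.
fips_provider_version() {
    awk '
        /^  [^ ]/ { cur = $1 }   # provider id line (2-space indent)
        cur == "fips" && $1 == "version:" { ver = $2 }
        cur == "fips" && $1 == "status:"  { st = $2 }
        END {
            if (st != "active" || ver == "") exit 1
            print ver
        }'
}

# check_fips_module PREFIX: 0 if the active fips provider version is on the
# PREFIX line (e.g. 3.0), 2 if it is another version, 1 if none is active.
check_fips_module() {
    want=$1
    ver=$(fips_provider_version) || { echo "FAIL: no active fips provider"; return 1; }
    case $ver in
        "$want"|"$want".*) echo "OK: fips provider $ver"; return 0 ;;
        *) echo "CHECK: fips provider $ver is not on the $want line"; return 2 ;;
    esac
}

# Constructed sample: libcrypto 3.6.0 with a 3.0.9 FIPS provider module.
SAMPLE_VALIDATED='Providers:
  base
    name: OpenSSL Base Provider
    version: 3.6.0
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.9
    status: active'
# Constructed samples: FIPS provider built from 3.6.0, and no FIPS provider.
SAMPLE_MISMATCH='Providers:
  fips
    name: OpenSSL FIPS Provider
    version: 3.6.0
    status: active'
SAMPLE_NO_FIPS='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.6.0
    status: active'

# On a real host: openssl list -providers | check_fips_module 3.0
printf '%s\n' "$SAMPLE_VALIDATED" | check_fips_module 3.0
```

Exit status 2 is a prompt to compare the loaded module against the certificate before citing it as audit evidence.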
The following algorithms are not available in FIPS mode:
NIST Post-Quantum Standard for Key Encapsulation.
| Parameter | Value |
| --- | --- |
| Algorithm | ML-KEM-768 |
| Security Level | NIST Level 3 (~AES-192) |
| Public Key | 1184 bytes |
| Ciphertext | 1088 bytes |
| Shared Secret | 32 bytes |
ML-KEM replaces classical methods like:
NIST Post-Quantum Standard for digital signatures.
| Parameter | Value |
| --- | --- |
| Algorithm | ML-DSA-65 |
| Security Level | NIST Level 3 |
| Public Key | 1952 bytes |
| Signature | 3293 bytes |
ML-DSA replaces classical methods like:
For your audit:
| Requirement | Status | Evidence |
| --- | --- | --- |
| State-of-the-art encryption | ✓ | AES-256-GCM, ML-KEM |
| Post-Quantum ready | ✓ | FIPS 203, 204 |
| FIPS-validated crypto | ✓ | OpenSSL FIPS Provider |
| Key management | ✓ | Key Storage (File/TPM/HSM) |
| Access control | ✓ | L4Re Capabilities |
| Logging/Audit | ✓ | Configurable |
| Secure key destruction | ✓ | Zeroize on Drop |
| Nonce management | ✓ | Automatic tracking |
| DoS protection | ✓ | Rate Limiting |
The following documents are available for your audit:
| Document | Content |
| --- | --- |
| README_OEM.md | Technical integration |
| WvdS_KB_OEM.md | Knowledge Base (details) |
| SECURITY.md | Security Policy |
| CHANGELOG.md | Change history |
Request for additional documents:
Contact: Wolfgang van der Stille / EMSR DATA d.o.o. / DATECpro GmbH