Inhaltsverzeichnis

BSI IT-Grundschutz Mapping

Mapping of the WvdS Post-Quantum Cryptography library to BSI IT-Grundschutz modules.

Overview

The BSI IT-Grundschutz Compendium1) defines security requirements for IT systems. This page documents how WvdS fulfills the relevant modules.

flowchart LR subgraph BSI["BSI IT-Grundschutz"] CON1["CON.1
Crypto Concept"] CON5["CON.5
Key
Management"] OPS115["OPS.1.1.5
Logging"] APP31["APP.3.1
Web Applications"] NET31["NET.3.1
Routers/Switches"] end subgraph WVDS["WvdS PQ-Crypto"] CFG["CryptoConfig"] KDF["KeyDerivation"] LOG["Audit Events"] TLS["TLS Extensions"] CERT["X.509 Certificates"] end CON1 --> CFG CON5 --> KDF OPS115 --> LOG APP31 --> TLS NET31 --> CERT style CFG fill:#4caf50,color:#fff style KDF fill:#4caf50,color:#fff style LOG fill:#4caf50,color:#fff style TLS fill:#4caf50,color:#fff style CERT fill:#4caf50,color:#fff

CON.1 Crypto Concept

Module: Concepts and Procedures - Crypto Concept2)

Requirement BSI ID WvdS Implementation Status
Selection of appropriate cryptographic methods CON.1.A1 ML-DSA (FIPS 204), ML-KEM (FIPS 203) Completed
Backup of cryptographic keys CON.1.A2 KeyDerivation, PEM export with encryption Completed
Encryption of communication CON.1.A3 TLS 1.3 with PQ algorithms Completed
Appropriate key lengths CON.1.A4 ML-DSA-44/65/87, ML-KEM-512/768/1024 Completed
Document crypto concept CON.1.A5 Concepts Documentation Completed
Regular review CON.1.A6 Versioned API, NIST conformance Completed

Implementation Details

CON.1.A1 - Selection of appropriate cryptographic methods: 

// WvdS uses exclusively NIST-standardized algorithms
CryptoConfig.DefaultMode = CryptoMode.Hybrid;
 
// Available algorithms:
// - ML-DSA-44/65/87 (NIST FIPS 204)
// - ML-KEM-512/768/1024 (NIST FIPS 203)
// - RSA-2048/3072/4096 (classical)
// - ECDSA P-256/384/521 (classical)

CON.1.A4 - Appropriate key lengths:

Key lengths comply with BSI recommendations3):

Algorithm Security Level BSI Recommendation
ML-DSA-44 NIST Level 2 (~128 bit) Short-lived certificates
ML-DSA-65 NIST Level 3 (~192 bit) Standard recommendation
ML-DSA-87 NIST Level 5 (~256 bit) Highest security

CON.5 Development and Use of Key Management Systems

Module: Key Management4)

Requirement BSI ID WvdS Implementation Status
Requirements analysis CON.5.A1 Documented API, scenarios Completed
Key generation CON.5.A2 OpenSSL 3.6 CSPRNG Completed
Key storage CON.5.A3 Encrypted PEM export Completed
Key distribution CON.5.A4 X.509 certificates, CSR workflow Completed
Key derivation CON.5.A5 HKDF, PBKDF2, Argon2id Completed
Key destruction CON.5.A6 SecureZeroMemory, IDisposable Completed
Key archival CON.5.A7 PEM/PFX with password protection Completed

Implementation Details

CON.5.A5 - Key derivation:

Key derivation functions comply with BSI recommendations5) and NIST standards6). 

// HKDF (RFC 5869) for key derivation
var derivedKey = KeyDerivationExtensions.DeriveKey(
    sharedSecret,
    salt: cryptoRandom,
    info: contextInfo,
    outputLength: 32,
    HashAlgorithmName.SHA256
);
 
// Argon2id for password-based derivation (memory-hard)
var key = OpenSslKdf.Argon2id(
    password,
    salt,
    outputLength: 32,
    iterations: 3,
    memoryKiB: 65536,  // 64 MB
    parallelism: 4
);

CON.5.A6 - Key destruction: 

// Automatic key destruction via IDisposable
using var keyPair = ctx.GenerateKeyPair(PqAlgorithm.MlDsa65);
// ... usage ...
// Dispose() calls SecureZeroMemory on private key bytes

OPS.1.1.5 Logging

Module: Logging7)

Requirement BSI ID WvdS Implementation Status
Create logging policy OPS.1.1.5.A1 Documented events Completed
Ensure integrity OPS.1.1.5.A3 Signed audit logs In Progress
Protect log data OPS.1.1.5.A4 Encrypted logs In Progress

Loggable Events

Event Data Purpose
KeyGeneration Algorithm, KeyId, Timestamp Audit trail
CertificateCreation Subject, Serial, Validity PKI monitoring
SignatureOperation KeyId, DataHash, Mode Traceability
ValidationResult CertChain, Status, Reason Security monitoring

APP.3.1 Web Applications and Web Services

Relevance: TLS configuration for web servers

Requirement BSI ID WvdS Implementation Status
TLS encryption APP.3.1.A14 Hybrid TLS certificates Completed
Secure authentication APP.3.1.A15 mTLS with PQ certificates Completed 
// Hybrid server certificate for TLS
var serverCert = request.CreateServerCertificate(
    intermediateCa,
    dnsNames: new[] { "api.example.com" },
    mode: CryptoMode.Hybrid  // ECDSA + ML-DSA
);

NET.3.1 Routers and Switches

Relevance: Network devices with certificates

Requirement BSI ID WvdS Implementation Status
Secure management access NET.3.1.A4 mTLS certificates Completed
Secure protocols NET.3.1.A9 SSH/TLS with PQ Completed

Evidence Checklist for Auditors

For BSI audits, use this checklist:

# Checkpoint Evidence Status
———–———-
1 Crypto concept documented Concepts [ ]
2 NIST-compliant algorithms FIPS 203/204 references [ ]
3 Key generation via CSPRNG OpenSSL 3.6 source [ ]
4 Key derivation documented KeyDerivation API [ ]
5 Secure key destruction IDisposable pattern in code [ ]
6 Hybrid cryptography CryptoMode.Hybrid [ ]
7 Certificate management PKI Scenarios [ ]

BSI TR-03116 (Cryptographic Requirements)

The BSI Technical Guideline TR-031168) defines specific cryptographic requirements:

Requirement TR-03116 Part WvdS Conformance
TLS 1.3 cipher suites Part 4 Supported
Signature algorithms Part 1 ML-DSA (NIST)
Key exchange Part 4 ML-KEM (NIST)
Hash functions Part 1 SHA-256/384/512

Further Reading

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

, , , , ,
1)
BSI IT-Grundschutz: https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/it-grundschutz_node.html
2)
BSI CON.1: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2023/05_CON_Konzepte_und_Vorgehensweisen/CON_1_Kryptokonzept_Edition_2023.pdf
3)
BSI TR-02102-1: „Cryptographic Mechanisms: Recommendations and Key Lengths“, Version 2024-01, Chapter 3: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf
4)
BSI CON.5: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2023/05_CON_Konzepte_und_Vorgehensweisen/CON_5_Entwicklung_und_Einsatz_von_Schluesselmanagementsystemen_Edition_2023.pdf
5)
BSI TR-02102-1, Chapter 8 „Key Derivation Functions“: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf
6)
NIST SP 800-56C Rev. 2: „Recommendation for Key-Derivation Methods in Key-Establishment Schemes“: https://csrc.nist.gov/pubs/sp/800/56/c/r2/final
7)
BSI OPS.1.1.5: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2023/06_OPS_Betrieb/OPS_1_1_5_Protokollierung_Edition_2023.pdf
8)
BSI TR-03116: https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03116/TR-03116_node.html