Zum Hauptinhalt springen

BSI TR-02102-1

BSI TR-02102-1 ("Cryptographic Mechanisms: Recommendations and Key Lengths") is a foundational technical guideline published by the German Federal Office for Information Security (BSI). It outlines the approved cryptographic algorithms, protocols, and minimum key lengths required for secure IT systems in the German healthcare and government sectors.

Integration with azuma nori

In the context of azuma nori, TR-02102-1 is rarely evaluated in total isolation. Instead, it serves as the underlying cryptographic bedrock for broader compliance frameworks, most notably BSI TR-03161.

For example, when evaluating BSI TR-03161 Part 3, control O.Cryp_2 mandates that all cryptographic mechanisms must use proven implementations. To pass this control, the azuma nori sub-agents implicitly check your codebase against the TR-02102-1 constraints.

Automated Evaluations

When azuma nori evaluates cryptographic controls, the agents analyze your project's Wiki and dependency trees to ensure:

  • Approved Algorithms: Usage of AES (Advanced Encryption Standard), RSA, or Elliptic Curve Cryptography (ECC) over deprecated alternatives (e.g., DES, MD5, SHA-1).
  • Adequate Key Lengths: Verification that RSA keys are at least 2048-bit (or 3072-bit for long-term security) and ECC keys are appropriately sized.
  • Secure Protocols: Enforcement of TLS 1.2 or TLS 1.3 for data in transit, explicitly flagging any fallbacks to SSL or early TLS versions.
  • No Roll-Your-Own Crypto: The agents actively flag custom cryptographic implementations, ensuring you rely on vetted libraries (e.g., Bouncy Castle, OpenSSL, or native OS crypto providers).

Providing Manual Evidence

Some TR-02102-1 requirements—such as physical key generation procedures, HSM (Hardware Security Module) certifications, or entropy source guarantees—cannot be statically analyzed in source code.

For these controls, you must upload your formal cryptographic concepts, key management policies, or vendor certificates via the Evidence tab in the Standalone Client. The evaluating sub-agents will ingest these documents alongside your code to reach a final verdict.