CRYMBO follows industry-standard cryptographic protocols across all layers of the architecture.

Algorithms

| Purpose | Algorithm | Key Size |
|---|---|---|
| PII Encryption | RSA-OAEP / ECIES | 2048-bit RSA or P-256 EC |
| Data at Rest | AES-256-GCM | 256-bit |
| Transport | TLS 1.3 | Per TLS specification |
| Hashing | SHA-256 / SHA-3 | 256-bit |
| Digital Signatures | ECDSA / EdDSA | P-256 or Ed25519 |
| Attestation Signing | ECDSA | P-256 |

Compliance Standards

| Standard | Compliance |
|---|---|
| SOC 2 Type II | Infrastructure security controls |
| ISO 27001 | Information security management |
| GDPR | Data protection and privacy |
| IVMS101 | Identity data model standard |

Key Management

- Private keys are never stored by CRYMBO
- HSM-backed key storage recommended for all institutions
- Key rotation recommended every 90 days
- Compromised keys can be revoked immediately via the CRYMBO Platform