ERP/1: Authority

Intro

ERP/1 AUTHORITY is designed for the high-performance delivery of digital certificates and signatures. The system supports decentralised PKIX models like EUDI, ensuring seamless integration with existing PKI standards. The cryptographic core is written in Erlang/Elixir, providing robustness for mission-critical applications.

Cryptographic Capabilities

Signing

PBMAC1, ECDSA (Pure Elixir), RSA
CAdES, ДСТУ 4145:2014, ДСТУ 7564:2014

Encryption

AES, AES-KW, CMS
ДСТУ 7624:2014 (Kalyna)

Derivation

KDF, HKDF, PBKDF2

Curves

SECP384R1, SECP256V1, SECP521R1
CURVE25519, CURVE448

Services & Protocols

EST (Enrollment over Secure Transport) — automated certificate issuance and management.
CMP (Certificate Management Protocol) — comprehensive certificate lifecycle operations.
OCSP (Online Certificate Status Protocol) — real-time verification of certificate validity.
TSP (Time Stamping Protocol) — RFC 3161 compliant time stamps.
LDAP — integration for certificate and CRL publishing.

EUDI Architecture

EUDI is decentralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport.

EUID Wallet (Holder) — iOS/Android application for secure credential storage.

EUDI Provider (Issuer) — OpenID for Verifiable Credentials (PID, QEAA).

EUDI Verifier — status verification and presentation handling.

Unlike centralized PKIX models, EUDI provides a distributed framework where all parties are cryptographically bound, prioritizing user privacy by ensuring the Holder mediates all data sharing interactions.

Development History

2010—2018: LDAP
2020: Qualified Digital Signature (QES)
2023: CMS Messenger, CHAT X.509, CMS S/MIME & S/MIME Compliance
2023: LDAP Compliance, CMP/CMC/EST, MLS ROOM CHAT
2023: CA CURVE, CHAT ASN.1, ASN.1 Compiler, SWIFT X.509
2024: ASN1.EX X.680, EST server 7030, EUDI, CBOR COSE, MSO MDoc