{ "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9d8f3cfc-48f3-4929-ad45-1b3ab9eec945", "version": 1, "metadata": { "timestamp": "2025-11-13T23:50:29.999Z", "tools": [ { "name": "Shorstop", "version": "shorstop-web" } ], "component": { "type": "application", "name": "kjur/jsrsasign", "version": "master" }, "properties": [ { "name": "gitUrl", "value": "https://github.com/kjur/jsrsasign" }, { "name": "revision", "value": "master" }, { "name": "commit", "value": "58bb24192f501927014b67911bbde8ef27532319" } ] }, "components": [ { "type": "cryptographic-asset", "bom-ref": "RSA-usage-3456c8863f2ca437", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 9, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L9" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-3456c8863f2ca437", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 9, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L9" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-c5029f98e84b5ca0", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 10, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-c5029f98e84b5ca0", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 10, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-c5029f98e84b5ca0", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 10, "additionalContext": "RSA and ECDSA signatures are vulnerable to quantum attacks. Consider post-quantum signature schemes.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-c5029f98e84b5ca0", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 10, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "UNKNOWN-usage-c5029f98e84b5ca0", "name": "UNKNOWN-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 10, "additionalContext": "JSEncrypt uses RSA which is vulnerable to quantum attacks. Migrate to post-quantum encryption.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-b3a8acafd0ff1bb0", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 11, "additionalContext": "RSA and ECDSA encryption are vulnerable to quantum attacks. Consider post-quantum alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-b3a8acafd0ff1bb0", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 11, "additionalContext": "RSA and ECDSA signatures are vulnerable to quantum attacks. Consider post-quantum signature schemes.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-b3a8acafd0ff1bb0", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 11, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "UNKNOWN-usage-b3a8acafd0ff1bb0", "name": "UNKNOWN-usage", "evidence": { "occurrences": [ { "location": "ext/cj/md5_min.js", "line": 11, "additionalContext": "JSEncrypt uses RSA which is vulnerable to quantum attacks. Migrate to post-quantum encryption.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/md5_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-1b294e3380d02777", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha256_min.js", "line": 7, "additionalContext": "RSA and ECDSA encryption are vulnerable to quantum attacks. Consider post-quantum alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha256_min.js#L7" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-1b294e3380d02777", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha256_min.js", "line": 7, "additionalContext": "RSA and ECDSA signatures are vulnerable to quantum attacks. Consider post-quantum signature schemes.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha256_min.js#L7" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-ef2631a504bf13be", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 7, "additionalContext": "RSA/ECDSA key generation creates quantum-vulnerable keys. Use post-quantum key exchange.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L7" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-ef2631a504bf13be", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 7, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L7" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-ef2631a504bf13be", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 7, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L7" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-a74c8dfcc212df33", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 8, "additionalContext": "RSA/ECDSA key generation creates quantum-vulnerable keys. Use post-quantum key exchange.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L8" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-a74c8dfcc212df33", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 8, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L8" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-a74c8dfcc212df33", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 8, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L8" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-ac68a6079afb4085", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 9, "additionalContext": "RSA/ECDSA key generation creates quantum-vulnerable keys. Use post-quantum key exchange.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L9" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-ac68a6079afb4085", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 9, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L9" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-ac68a6079afb4085", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 9, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L9" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-41a0886ccc97f3bc", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 10, "additionalContext": "RSA/ECDSA key generation creates quantum-vulnerable keys. Use post-quantum key exchange.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-41a0886ccc97f3bc", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 10, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-41a0886ccc97f3bc", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 10, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L10" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-0261501b9f227c1a", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 11, "additionalContext": "RSA/ECDSA key generation creates quantum-vulnerable keys. Use post-quantum key exchange.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-0261501b9f227c1a", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 11, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-0261501b9f227c1a", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "ext/cj/sha512_min.js", "line": 11, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/ext/cj/sha512_min.js#L11" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-3ab4075fc01fb38e", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 224, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L224" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-c6aef79025e45039", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 231, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L231" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-33e99f3fc38cbb34", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 232, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L232" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-2ce8c4ca2fc68c21", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 233, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L233" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-keygen-b1c334f7861a06d8", "name": "RSA-keygen", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 235, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L235" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-b1c334f7861a06d8", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 235, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L235" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-verify-609e0aa8ef4387c2", "name": "RSA-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 237, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L237" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-1ed5ce74a10c526c", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-all-min.js", "line": 240, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-all-min.js#L240" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-6b49460b32e86406", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-jwths-min.js", "line": 117, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-jwths-min.js#L117" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-6c0d1c68838dc499", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-jwths-min.js", "line": 118, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-jwths-min.js#L118" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-fea5c60e9062eb8e", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-rsa-min.js", "line": 98, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-rsa-min.js#L98" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-verify-e38890ee83daafa3", "name": "RSA-verify", "evidence": { "occurrences": [ { "location": "jsrsasign-rsa-min.js", "line": 100, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/jsrsasign-rsa-min.js#L100" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-3ef4ab80bf15501c", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "min/asn1x509-1.0.min.js", "line": 1, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/asn1x509-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-5980747e51f31762", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "min/crypto-1.1.min.js", "line": 1, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/crypto-1.1.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-52f88b1274113266", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "min/ecdsa-modified-1.0.min.js", "line": 1, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/ecdsa-modified-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-0aa174ab075dbd50", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "min/ecparam-1.0.min.js", "line": 1, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/ecparam-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-557544de0abff7d0", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "min/jws-3.3.min.js", "line": 1, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/jws-3.3.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-keygen-0989395dbc7fccb2", "name": "RSA-keygen", "evidence": { "occurrences": [ { "location": "min/keyutil-1.0.min.js", "line": 1, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/keyutil-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-0989395dbc7fccb2", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "min/keyutil-1.0.min.js", "line": 1, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/keyutil-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-encrypt-eb643caa5faee639", "name": "RSA-encrypt", "evidence": { "occurrences": [ { "location": "min/pkcs5pkey-1.0.min.js", "line": 1, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/pkcs5pkey-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "encrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-encrypt-eb643caa5faee639", "name": "ECC-encrypt", "evidence": { "occurrences": [ { "location": "min/pkcs5pkey-1.0.min.js", "line": 1, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/pkcs5pkey-1.0.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other", "cryptoFunctions": [ "encrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-verify-cad498d3a8d683ca", "name": "RSA-verify", "evidence": { "occurrences": [ { "location": "min/rsasign-1.2.min.js", "line": 1, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/min/rsasign-1.2.min.js#L1" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-b06504953a9d72cf", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "npm/lib/footer.js", "line": 6, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/footer.js#L6" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-c069ebf783404473", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 224, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L224" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-0f4647b6ccae160e", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 231, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L231" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-89634b635485fe1f", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 232, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L232" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-a416f5dcac617335", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 233, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L233" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-keygen-e56e07e7e5b6e33d", "name": "RSA-keygen", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 235, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L235" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-e56e07e7e5b6e33d", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 235, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L235" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-verify-ff0c3778f1882c76", "name": "RSA-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 237, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L237" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-49f868b0346d6cee", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-all-min.js", "line": 240, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-all-min.js#L240" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-0a1ab6ceb76d1296", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-jwths-min.js", "line": 117, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-jwths-min.js#L117" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-2f9234de22fd263b", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-jwths-min.js", "line": 118, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-jwths-min.js#L118" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-1f32c73147293c5c", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-rsa-min.js", "line": 98, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-rsa-min.js#L98" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-verify-35adbd9adc009372", "name": "RSA-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign-rsa-min.js", "line": 100, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign-rsa-min.js#L100" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-a605b5c6923ae426", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 229, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L229" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-0e4e1a764dfa1f16", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 236, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L236" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-27fff52218f7f574", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 237, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L237" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-95c9ea74d01144dc", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 238, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L238" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-keygen-375beee8ba1a4491", "name": "RSA-keygen", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 240, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L240" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-375beee8ba1a4491", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 240, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L240" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-verify-0e26ae3fdf75cf6f", "name": "RSA-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 242, "additionalContext": "Direct RSA usage detected. RSA will be broken by sufficiently large quantum computers.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L242" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-5bb7557526e4bbc9", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 245, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L245" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-de8ecf03ceae17cf", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "npm/lib/jsrsasign.js", "line": 252, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/npm/lib/jsrsasign.js#L252" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-d6066f10258639e3", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "sample/js/fd-slider.js", "line": 37, "additionalContext": "RSA/ECDSA signature verification will fail against quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/sample/js/fd-slider.js#L37" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-d6066f10258639e3", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "sample/js/fd-slider.js", "line": 37, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/sample/js/fd-slider.js#L37" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "WebCrypto-usage-882d31e61ccc9295", "name": "WebCrypto-usage", "evidence": { "occurrences": [ { "location": "sample/js/jquery.nouislider.js", "line": 573, "additionalContext": "RSA/ECDSA key generation creates quantum-vulnerable keys. Use post-quantum key exchange.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/sample/js/jquery.nouislider.js#L573" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-usage-882d31e61ccc9295", "name": "crypto-usage", "evidence": { "occurrences": [ { "location": "sample/js/jquery.nouislider.js", "line": 573, "additionalContext": "RSA/ECDSA key pair generation is quantum-vulnerable. Migrate to post-quantum cryptography.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/sample/js/jquery.nouislider.js#L573" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-usage-882d31e61ccc9295", "name": "RSA-usage", "evidence": { "occurrences": [ { "location": "sample/js/jquery.nouislider.js", "line": 573, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/sample/js/jquery.nouislider.js#L573" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-355dda0bb2950c45", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 3789, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L3789" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-df12def4ae238346", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 3835, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L3835" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-61cefd19c3a774bf", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4119, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4119" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-67666e6891299095", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4516, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4516" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-cac55ab30d27fc0a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4517, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4517" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-4bd86e09db6faec6", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4518, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4518" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-3bb06b1c9c275a4d", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4519, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4519" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-c3f42e7737bd7b3a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4520, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4520" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-1c65c3fcd29a6670", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4597, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4597" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-6df6d62dfedb446a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/asn1x509-1.0.js", "line": 4599, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/asn1x509-1.0.js#L4599" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-fcf249e5aa7f4f63", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 93, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L93" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-8c2be18244ae9716", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 94, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L94" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-7525d99d1ab4ef56", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 95, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L95" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-9457df2137e7d9c5", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 96, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L96" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-8a0042f32b390e39", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 97, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L97" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-d62118d9483c1a5a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 98, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L98" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-6a1dc9819d133ee2", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 99, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L99" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-ef7db5f1192b5dd2", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 260, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L260" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-e5f523dbdbeb81b5", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1145, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1145" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-f8ce6846d9a48d9a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1146, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1146" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-8e01e6a614c7353c", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1162, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1162" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-9e6b51e474cf0d92", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1186, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1186" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-d6063154c78261ea", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1187, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1187" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-fc8ae33a2e068116", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1202, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1202" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-verify-eed3829806b58859", "name": "ECC-verify", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1203, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1203" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "verify" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-be7eca23861424bf", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/crypto-1.1.js", "line": 1550, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/crypto-1.1.js#L1550" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-cbed065e8b80b40e", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 46, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L46" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-ebf313b3dd052412", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 54, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L54" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-175ae314bc65f0b0", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 56, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L56" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-2bc4e5e10d3fadaf", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 161, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L161" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-149be2890175c665", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 162, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L162" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-30f246a3195dd2ee", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 163, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L163" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-9387d6b63658c271", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 164, "additionalContext": "NIST P-384 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L164" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-bd0669a37e6d30c0", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 165, "additionalContext": "NIST P-384 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L165" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-aa5cad9d9f8ad159", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 166, "additionalContext": "NIST P-521 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L166" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-a05610b32f3ef78e", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 167, "additionalContext": "NIST P-521 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L167" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-a6fdbb078227ef93", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 251, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L251" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-3b0da12ccf95997e", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 292, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L292" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-b1dd8e82ec51a8d3", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 689, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L689" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-6c7e6a1ea93041f9", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 690, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L690" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-9b9d829791c72a31", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 715, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L715" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-aedfb2e6419a7d7f", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 759, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L759" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-3b5c1ef63d33c17f", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 760, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L760" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-13cd1aa5f4fadc2c", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 767, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L767" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-431cccaf51bd6199", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 770, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L770" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-7e0284a0a49fff4d", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 800, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L800" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-3387afa7d2c92ffd", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 802, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L802" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-9d0e6aeaa0713dd9", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 818, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L818" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-72c8fdb3e178cb6d", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 820, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L820" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-76485f5166a0d32f", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 825, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L825" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-3c740da99ac64b57", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 839, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L839" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-ba0ef88e56094183", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 842, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L842" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-4c73136304b782de", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 856, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L856" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-4aa26f4de6642c82", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 884, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L884" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-51323e698abebda3", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 887, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L887" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-68c12e35fd95fafc", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 891, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L891" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-5f7a79b2b03be2c6", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 892, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L892" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-48ddac540baa2e6f", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 894, "additionalContext": "NIST P-384 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L894" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-2adcf80feb736e20", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecdsa-modified-1.0.js", "line": 895, "additionalContext": "NIST P-521 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecdsa-modified-1.0.js#L895" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-4b1f3118aa36033a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecparam-1.0.js", "line": 203, "additionalContext": "secp256k1 curve used in Bitcoin is vulnerable to quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecparam-1.0.js#L203" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-2dd93aff82b38bc2", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecparam-1.0.js", "line": 224, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecparam-1.0.js#L224" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-d1698aee5521f16f", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecparam-1.0.js", "line": 236, "additionalContext": "NIST P-384 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecparam-1.0.js#L236" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-b4e5f02db2389857", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/ecparam-1.0.js", "line": 248, "additionalContext": "NIST P-521 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/ecparam-1.0.js#L248" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-257c869beb215623", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 243, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L243" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-1caca72acee4542a", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 307, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L307" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-63e957a26d354965", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 312, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L312" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-sign-48425e30021d8e11", "name": "ECC-sign", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 398, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L398" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "signature", "cryptoFunctions": [ "sign" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-86ee8af2fbeaac77", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 461, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L461" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-8c4487b790cd3e38", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 490, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L490" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-51406e290e986ead", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 493, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L493" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-cd45caea6cd2b3a2", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 818, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L818" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-bc8eebc4e6333428", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 819, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L819" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-80b6e57f3b0316bf", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/jws-3.3.js", "line": 820, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/jws-3.3.js#L820" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-decrypt-acb54eb4a740d6df", "name": "crypto-decrypt", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 228, "additionalContext": "RSA/ECDSA signature verification will fail against quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L228" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other", "cryptoFunctions": [ "decrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-decrypt-acb54eb4a740d6df", "name": "RSA-decrypt", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 228, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L228" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "decrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-encrypt-53fdac7f92d52613", "name": "crypto-encrypt", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 241, "additionalContext": "RSA/ECDSA signature verification will fail against quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L241" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other", "cryptoFunctions": [ "encrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-encrypt-53fdac7f92d52613", "name": "RSA-encrypt", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 241, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L241" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "encrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-785141f31e13e65f", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1074, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1074" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-cf894666c9f22224", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1103, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1103" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-f3b43ea12288cd26", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1298, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1298" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-keygen-1b2163806312876e", "name": "ECC-keygen", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1660, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1660" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pkc", "cryptoFunctions": [ "keygen" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-84a8ecc3c95c7c7a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1663, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1663" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-d246dc985b411d29", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1669, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1669" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-7595ffebc457d580", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 1733, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L1733" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-8d98f22585300558", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 2212, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L2212" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-8c18d8895633fbdb", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 2214, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L2214" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-91325a7bd1e0094e", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 2222, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L2222" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-f27b7062eb1c59fe", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/keyutil-1.0.js", "line": 2224, "additionalContext": "NIST P-256 elliptic curve is quantum-vulnerable.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/keyutil-1.0.js#L2224" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-decrypt-44a4ffd52edd6d31", "name": "crypto-decrypt", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 223, "additionalContext": "RSA/ECDSA signature verification will fail against quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L223" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other", "cryptoFunctions": [ "decrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-decrypt-44a4ffd52edd6d31", "name": "RSA-decrypt", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 223, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L223" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "decrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "crypto-encrypt-2fbdfa97223b09d9", "name": "crypto-encrypt", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 236, "additionalContext": "RSA/ECDSA signature verification will fail against quantum attacks.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L236" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other", "cryptoFunctions": [ "encrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "RSA-encrypt-2fbdfa97223b09d9", "name": "RSA-encrypt", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 236, "additionalContext": "RSA key generation using node-forge is quantum-vulnerable. Consider lattice-based alternatives.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L236" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "pke", "cryptoFunctions": [ "encrypt" ] } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-d9cf84411f8fba97", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 837, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L837" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-88adb0023277d500", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 895, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L895" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } }, { "type": "cryptographic-asset", "bom-ref": "ECC-usage-f06708cf9bd0151a", "name": "ECC-usage", "evidence": { "occurrences": [ { "location": "src/pkcs5pkey-1.0.js", "line": 1007, "additionalContext": "ECDSA is vulnerable to quantum attacks via Shor's algorithm.\nGitHub: https://github.com/kjur/jsrsasign/blob/58bb24192f501927014b67911bbde8ef27532319/src/pkcs5pkey-1.0.js#L1007" } ] }, "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "other" } } } ], "dependencies": [], "externalReferences": [ { "type": "vcs", "url": "https://github.com/kjur/jsrsasign", "comment": "Git commit: 58bb24192f501927014b67911bbde8ef27532319" } ] }