use the Galois Counter Mode (GCM) mode of operation as specified in NIST Special Publication 800-38D12;
use the GMAC technique, based on the use of AES-128, for the calculation of Message Authentication Codes (MACs), as specified in NIST Special Publication 800-38D (see above);
use, as the Digital Signature technique, ECDSA (as specified in FIPS PUB 186-413) in combination with the curve P-256 (as specified in FIPS PUB 186-4 at Section D.1.2.3) and SHA-256 as the Hash function. Within Messages, Signatures shall be in the Plain Format;
use, to calculate the Shared Secret Z, the Static Unified Model, C(0e, 2s, ECC CDH) Key Agreement technique (as specified in NIST Special Publication 800-56Ar214 save for the requirement to zeroize the Shared Secret) with:
the Single-step Key Derivation Function (KDF) based on SHA-256, as specified in NIST Special Publication 800-56Ar2; and
the P-256 curve for the elliptic curve operations.
Resulting DerivedKeyingMaterial (with its meaning in NIST Special Publication 800-56Ar2) shall only ever be used in relation to one Message instance. Any Shared Secret that is not ‘zeroized’ shall be stored and used with the same security protections as Private Keys.