This test determines whether the (asymmetric) signing key of the ID tokens is secure. The key must be at least 2048 bits for RSA or 160 bits for elliptic curve algorithms.
This test is part of the following document(s):
Back to the test case overview or the threat overview