Reference Guide

Secure Operation of Crypto-C ME 31

RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1

• The key establishment methodology provides:

• between 112 bits and 256 bits of encryption strength when using

approved domain parameter size sets, as listed in Table 4.

• between 112 and 256 bits of encryption strength when curves that are

allowed.

• less than 112 bits of encryption strength when using curves that are

not allowed.

– For FFC based DH key agreement schemes:

• When generating DH FFC domain parameters, generation shall comply

with FIPS 186-4 by specifying the algorithm identifier

R_CR_ID_DH_PARAMETER_GENERATION when creating the R_CR

object.

• Domain parameter size sets with:

• L >= 2048 bits and N >= 224 bits are allowed

• L < 2048 bits or N < 224 bits are not allowed

Where:

L is the bit length of the prime field size

N is the bit length of the sub-prime field size.

– The key establishment methodology provides:

• 112 bits or 128 bits of encryption strength, when using approved

domain parameter size sets, as listed in Table 4.

• between 112 and 256 bits of encryption strength, when using allowed

domain parameter size sets.

• less than 112 bits of encryption strength when using domain

parameter size sets that are not allowed.

• Key Transport/Wrapping:

– For key wrapping using AES:

• The key establishment methodology provides between 128 and 256 bits

of encryption strength.

– For RSA Key Transport/Wrapping schemes:

• Modulus sizes

• greater than or equal to 2048-bits are allowed.

• less than 2048-bits are not allowed.

• The key establishment methodology provides: