Reference Guide
The Cryptographic Module 11
RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1
1.4.3 Services
The JCM provides services which are available for both FIPS 140-2 and non-FIPS
140-2 usage. For a list of FIPS 140-2 approved and FIPS 140-2 allowed algorithms,
see Table 5.
The following table lists the un-authenticated services provided by the JCM which
may be used by either Role, in either the FIPS or non-FIPS mode, in terms of the
module interface. For each interface, lists of algorithms that are allowed and not
allowed when operating the module in a FIPS 140-2 compliant way are specified.
Table 2 Services Available to the Crypto User and Crypto Officer Roles
Services Available to the Crypto User and Crypto Officer Roles
Encryption/Decryption:
SymmCipher clearSensitiveData
clone
doFinal
getAlg
getAlgorithmParams
getBlockSize
getCryptoModule
getFeedbackSize
getMaxInputLen
getOutputSize
init
isIVRequired
reInit
update
Algorithms allowed for FIPS 140-2 usage
AES (CBC, CCM, CFB, CTR, ECB, GCM, OFB, XTS)
Triple-DES (CBC, CFB, ECB, OFB)
PBE (PKCS #5 V2 - Approved for key storage)
Algorithms not allowed for FIPS 140-2 usage
AES (BPS, CBC_CS1, CBC_CS2, CBC_CS3)
Triple-DES (CBC_CS1, CBC_CS2, CBC_CS3)
ChaCha20
ChaCha20/Poly1305
DES
DESX
RC2
®
RC4
®
RC5
®
PBE (PKCS #12, PKCS #5, SSLCPBE)