Reference Guide

22 The Cryptographic Module

RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1

1.5.5 Key Access

An authorized operator of the module has access to all key data created during JCM

operation. The User and Officer roles have equal and complete access to all keys.

The following table lists the different services provided by the module with the type

of access to keys or CSPs.

Table 4 Key and CSP Access

Service Key or CSP Type of Access

Asymmetric

encryption and decryption

Asymmetric keys (RSA) Read/Execute

Encryption and decryption Symmetric keys (AES, Triple-DES) Read/Execute

Digital signature and

verification

Asymmetric keys (DSA, ECDSA, RSA) Read/Execute

Hashing None N/A

MAC

HMAC

keys

CMAC keys

Read/Execute

Random number generation CTR DRBG entropy, V, key, init_seed

Hash DRBG entropy, V, C, init_seed

HMAC DRBG entropy, V, key, init_seed

Read/Write/Execute

Key derivation

HKDF keys

Single-step KDF keys

TLS Pre-Master Secret

TLS Master Secret

TLS Session keys

Read/Execute

Key establishment Asymmetric keys (DH, ECDH) Read/Execute

Key generation Symmetric keys (AES, Triple-DES)

Asymmetric keys

(DH, DSA, ECDSA, ECDH, RSA)

MAC keys (HMAC, CMAC)

Write

Self-test Hard-coded keys,

(AES, Triple-DES, RSA, DSA, ECDSA,

HMAC, CMAC, HKDF)

Hard-coded entropy, strength, and seed

(HMAC DRBG, HASH DRBG, CTR DRBG)

Read/Execute

Show status None N/A

Zeroization All Read/Write