Reference Guide
The Cryptographic Module 23
RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1
1.6 Cryptographic Algorithms
The JCM offers a wide range of cryptographic algorithms. This section describes the
algorithms that can be used when operating the module in a FIPS 140-2 compliant
manner.
The following table lists the FIPS 140-2 approved and FIPS 140-2 allowed algorithms
that can be used when operating the module in a FIPS 140-2 compliant way.
Table 5 JCM FIPS 140-2 Approved Algorithms
Algorithm Type Algorithm Standard
Validation
Certificate
Asymmetric
Cipher
RSA-OAEP, RSA-KEM-KWS
(2048 and 3072 bit key sizes)
Vendor Affirmed as
part of Key
Transport Schemes
Asymmetric Key RSADP Component Test
C662
Key Agreement
Primitives
FFC DH (2048 and 3072 bit key sizes) SP 800-56A Vendor affirmed
ECDHC (224 to 571 bit key sizes)
KASECC_(ECCCDH) Primitive Component Test
C662
Key Agreement
Schemes
FFC, ECC primitive / Single-Step KDF / Key
Confirmation
[dhHybrid1, dhEphem, dhHybridOneFlow, dhOneFlow,
dhStatic, (Cofactor) Full Unified Model, (Cofactor)
Ephemeral Unified Model, (Cofactor) One-Pass Unified
Model, (Cofactor) One-Pass Diffie-Hellman, (Cofactor)
Static Unified Model]
C662
Key Transport
Schemes
RSA-OAEP, RSA-KEM-KWS cipher / Single-Step KDF /
Key Confirmation
[KTS-OAEP, KTS-OAEP-Party_V-confirmation,
KTS-KEM-KWS,
KTS-KEM-KWS-Party_V-confirmation]
SP 800-56B Vendor affirmed
Key Derivation HKDF SP 800-108
C662
KDFTLS10
1
SP 800-135 rev1
C662
KDFTLS12
2
with SHA-256, SHA-384, SHA-512
PBKDF2 SP 800-132 Vendor Affirmed
(Approved in FIPS
mode for key
storage
3
)
Key Wrap KTS (AES Certificate C662: key establishment
methodology provides between 128 and 256 bits of
encryption strength)
SP 800-38F
C662
Key Generation Cryptographic Key Generation (CKG) SP 800-133 Vendor affirmed