Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Crypto-J

Secure Operation of the Module 35

RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1

2.3.4 Crypto User Guidance on Obtaining Assurances for

Key Transport Applications

The module provides support for the NIST SP800.56B recommendations for key

transport. NIST Special Publication 800-56B Revision 1: “Recommendation for

Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”

provides the methods to obtain these assurances.

The tables below describe the SP 800-56B recommendations for key transport.

Obtain a key establishment

key pair that is generated as

specified for the appropriate

algorithm.

The module generates the digital signature key pair according

to the required standards.

Choose a FIPS-Approved DRBG like HMAC DRBG to

generate the key pair.

Owner assurance of the

validity of the public key.

The module provides APIs to explicitly validate the public

key according to SP 800-89. For the JCM API,

PublicKey.isValid(SecureRandom secureRandom)

Owner assurance of the

validity of the private key.

The module provides APIs to explicitly validate the private

key according to SP 800-56A. For the JCM API,

PrivateKey.isValid()

Owner assurance of pairwise

consistency

The module provides an API to explicitly validate the keypair

according to the pairwise consistency requirements in SP

800.56A. For the JCM API,

KeyPair.validate(SecureRandom)

Table 9 Key Transport Recommendations

NIST SP 800-56B

Recommendations

Module Capabilities and Recommendations

Assurance of Key-Pair

Validity

The module provides APIs to explicitly validate an RSA Key

Pair according to SP 800.56B. The JCM API available is:

KeyPair.validate(AlgInputParams, SecureRandom).

The parameters object can be supplied with

SECURITY_STRENGTH and KEY_BITS inputs.

This API performs both a pairwise consistency test and a key

pair validation according to

“rsakpv1-crt” and

“crt_pkv” methods.

Assurance of Public Key

Validity

The module provides APIs to explicitly validate the RSA

public key according to SP 800.56B and SP 800-89.

The JCM API available is:

KeyPair.validate(AlgorithmParams, SecureRandom)

Assurance of Possession of

Private Key

The module supports Key Confirmation for providing

assurance of possession of a private key in a key transport

scheme. The JCM API available is:

KeyConfirmation.

Table 8 Key Establishment Recommendations (continued)

NIST SP 800-56A

Recommendations

Module Capabilities and Recommendations