Reference Guide

26 The Cryptographic Module

RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1

with Level 2 Roles, Services and Authentication

The following lists all other available algorithms in the JCM that are not allowed for

FIPS 140-2 usage. These algorithms must not be used when operating the module in a

FIPS 140-2 compliant way.

• AES in BPS mode for FPE

• AES in CBC_CS1, CBC_CS2 or CBC_CS3 mode for CTS

• ChaCha20/Poly1305 AEAD cipher

• ChaCha20 cipher

• DES

• DESX

• ECIES

• FIPS 186-2 PRNG (Change Notice General)

• HMAC-MD5

• MD2

• MD5

• PKCS #5 KDF

• PKCS #12 KDF

• Poly1305 MAC

• RC2 block cipher

• RC4 stream cipher

• RC5 block cipher

• RSA Keypair Generation MultiPrime (2 or 3 primes)

• RSA X9.31, PKCS #1 V.1.5, RSASSA-PSS Signature Generation FIPS 186-2

(4096 bit key size)

• RIPEMD160

• scrypt

• Shamir Secret Sharing

• Triple-DES in CBC_CS1, CBC_CS2 or CBC_CS3 mode for CTS.

MD5 is allowed in FIPS mode only for use in TLS.