Reference Guide

Secure Operation of the Module 31
RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1
with Level 2 Roles, Services and Authentication
2.3.1 Crypto User Guidance on Algorithms
The Crypto User must only use algorithms approved for use in a FIPS 140-2 mode of operation, as listed in Table 9.
Only FIPS 140-2 Approved DRBGs may be used for generation of keys (asymmetric and symmetric).
When using an Approved DRBG, the number of bytes of seed key input must be equivalent to or greater than the security strength of the keys the caller wishes to generate. For example, a 256-bit or higher seed key input is required when generating 256-bit AES keys.
When using an Approved DRBG to generate keys or DSA parameters, the requested DRBG must have a security strength at least as great as the security strength of the key being generated. That means that an Approved DRBG with an appropriate strength must be used. For more information on requesting the DRBG security strength, see the relevant API Javadoc.
Since the module does not modify the output of an Approved DRBG, any generated symmetric keys or seed values are created directly from the output of the Approved DRBG.
FIPS 186-2 RNG is not to be used in an approved FIPS 140-2 mode of operation.
In case the power to the module is lost and then restored, the key used for the AES GCM encryption/decryption shall be re-distributed.
When generating key pairs using the KeyPairGenerator object, the generate(boolean pairwiseConsistency) method must not be invoked with an argument of false. Use of the no-argument generate() method is recommended.
The AES-GCM cipher, when used for symmetric encryption purposes other than TLS, must use an IV in one of the two possible ways, to comply with SP 800-38D:

- Allow the module to generate the IV deterministically by not supplying any IV parameters during cipher initialization. The generated 96-bit (12-byte) IV consists of a 32-bit fixed field followed by a 64-bit invocation field where:
  - the fixed field bytes are derived from the module name, version information and memory address of a Java class within the module;
  - the invocation field is a 64-bit counter that is initialized, on startup, to a value consisting of the 44 bits of current time, as milliseconds since Epoch, followed by 22 bits of zero. By using the current time to prefix the counter start value, in the event of module restart, the counter will be ahead of any previous module states, ensuring that IV values cannot be reused.
- Generate at least 12 bytes of IV using an Approved DRBG, and input the IV to the cipher at initialization time using the RAW_IV parameter.
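The following is an added example, not code from the Crypto-J module or its Security Policy. It illustrates two of the rules above in standard JCE terms: requesting a DRBG whose security strength is at least that of the key being generated (so a 256-bit AES key is drawn from a 256-bit DRBG), and supplying AES-GCM with an IV of at least 12 bytes taken from that DRBG (the second IV option). It assumes the JDK 9+ standard APIs `SecureRandom.getInstance("DRBG", ...)` and `DrbgParameters`, and uses `GCMParameterSpec` as the standard-JCE way to pass a caller-supplied IV; the page's `RAW_IV` parameter is Crypto-J's own JSAFE mechanism for the same step and is not reproduced here. The provider is left to the JDK default; selecting the Crypto-J provider instead is an assumption outside this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added example (not Crypto-J code): DRBG strength matched to key strength,
 * and a caller-supplied GCM IV of at least 12 bytes drawn from that DRBG.
 */
public final class GcmIvGuidance {

    /** Minimum IV length permitted when the caller supplies the IV. */
    static final int MIN_IV_BYTES = 12;

    /** GCM authentication tag length in bits. */
    static final int TAG_BITS = 128;

    /**
     * Instantiate a DRBG whose requested security strength is at least the
     * strength of the key to be generated. SP 800-90A DRBGs top out at 256
     * bits, so a larger request is rejected instead of silently downgraded.
     */
    static SecureRandom drbgForKeyStrength(int keyBits) throws GeneralSecurityException {
        if (keyBits > 256) {
            throw new IllegalArgumentException("no Approved DRBG offers more than 256-bit strength");
        }
        // Requesting keyBits of strength means the DRBG is seeded with at least
        // keyBits of entropy, i.e. >= 32 bytes of seed material for a 256-bit key.
        return SecureRandom.getInstance("DRBG",
                DrbgParameters.instantiation(keyBits, DrbgParameters.Capability.NONE, null));
    }

    /** Generate an AES key of the given size from a DRBG of adequate strength. */
    static SecretKey generateAesKey(int keyBits) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(keyBits, drbgForKeyStrength(keyBits));
        return kg.generateKey();
    }

    /** Draw a fresh 12-byte IV from the DRBG (the second IV option above). */
    static byte[] freshIv(SecureRandom drbg) {
        byte[] iv = new byte[MIN_IV_BYTES];
        drbg.nextBytes(iv);
        return iv;
    }

    /** Refuse any IV shorter than the 12 bytes the guidance requires. */
    static void checkIv(byte[] iv) {
        if (iv == null || iv.length < MIN_IV_BYTES) {
            throw new IllegalArgumentException("GCM IV must be at least " + MIN_IV_BYTES + " bytes");
        }
    }

    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext) throws GeneralSecurityException {
        checkIv(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        return c.doFinal(plaintext); // ciphertext followed by the 16-byte tag
    }

    static byte[] decrypt(SecretKey key, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
        checkIv(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        return c.doFinal(ciphertext); // throws AEADBadTagException on any tampering
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the demonstration.
        byte[] message = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);

        SecureRandom drbg = drbgForKeyStrength(256);
        SecretKey key = generateAesKey(256);
        byte[] iv = freshIv(drbg);

        byte[] ct = encrypt(key, iv, message);
        byte[] pt = decrypt(key, iv, ct);
        System.out.println("round trip ok: " + Arrays.equals(message, pt));

        // A short IV is rejected before the cipher is ever initialized.
        try {
            encrypt(key, new byte[8], message);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Each call to `freshIv` must produce a new IV for every encryption under the same key; reusing an IV with AES-GCM is the failure SP 800-38D is written to prevent, which is also why the guidance requires the key to be re-distributed after a power loss, since the module can no longer vouch for which IVs have been consumed.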