Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Crypto-J

Secure Operation of the Module 33

RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1

with Level 2 Roles, Services and Authentication

• When generating RSA key pairs for signatures or key transport, generation shall

comply with the following:

– the

KEY_TYPE parameter must be omitted or have a value of 0.

– the

KEY_BITS parameter must have value 2048, 3072 or 4096.

– the

SECURITY_STRENGTH parameter may be input. Acceptable values are:

• 112, when used for

KEY_BITS of 2048.

• 128, when used for

KEY_BITS of 3072 or 4096.

– the

PUB_EXP value must be an odd number and have a minimum value of

0x10001 (65537).

• The length of an RSA key pair for digital signature generation and verification

must be 2048, 3072 or 4096 bits. For digital signature verification, 1024 bits is

allowed for legacy-use. RSA keys shall have a public exponent of at least 65537.

• SHA1 is disallowed for the generation of digital signatures.

• The key length for an HMAC generation or verification must be equal to or

greater than 112 bits. For HMAC verification, a key length greater than or equal to

80 and less than 112 is allowed for legacy-use.

Note: JCE MAC APIs do not distinguish between generate and verify,

therefore a key length check is not explicitly performed in JCE.

• KDFs:

– For Single-step KDF:

– A FIPS 140-2 approved hash function must be used.

– For HKDF:

• A FIPS 140-2 approved HMAC must be used.

• The extracted key-derivation key must be used solely for the single

key-expansion step. For more information see

SP 800-56C Rev. 1

– For PBKDF:

• The minimum password length is 14 characters, which has a strength of

approximately 112 bits, assuming a randomly selected password using the

extended ASCII printable character set is used.

For random passwords - a string of characters from a given set of

characters in which each character is equally likely to be selected - the

strength of the password is given by:

S=L*(log N/log 2) where N is

the number of possible characters (for example, ASCII printable

characters

N = 95, extended ASCII printable characters N = 218) and L

is the number of characters. A password of the strength S can be guessed

at random with the probability of 1/2

• Keys generated using PBKDF shall only be used in data storage

applications.

• The length of the randomly-generated portion of the salt shall be at least

16 bytes. For more information see

nist-sp800-132.pdf.