Reference Guide
Secure Operation of the Module 33
RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1
with Level 2 Roles, Services and Authentication
• When generating RSA key pairs for signatures or key transport, generation shall
comply with the following:
– the
KEY_TYPE parameter must be omitted or have a value of 0.
– the
KEY_BITS parameter must have value 2048, 3072 or 4096.
– the
SECURITY_STRENGTH parameter may be input. Acceptable values are:
• 112, when used for
KEY_BITS of 2048.
• 128, when used for
KEY_BITS of 3072 or 4096.
– the
PUB_EXP value must be an odd number and have a minimum value of
0x10001 (65537).
• The length of an RSA key pair for digital signature generation and verification
must be 2048, 3072 or 4096 bits. For digital signature verification, 1024 bits is
allowed for legacy-use. RSA keys shall have a public exponent of at least 65537.
• SHA1 is disallowed for the generation of digital signatures.
• The key length for an HMAC generation or verification must be equal to or
greater than 112 bits. For HMAC verification, a key length greater than or equal to
80 and less than 112 is allowed for legacy-use.
Note: JCE MAC APIs do not distinguish between generate and verify,
therefore a key length check is not explicitly performed in JCE.
• KDFs:
– For Single-step KDF:
– A FIPS 140-2 approved hash function must be used.
– For HKDF:
• A FIPS 140-2 approved HMAC must be used.
• The extracted key-derivation key must be used solely for the single
key-expansion step. For more information see
SP 800-56C Rev. 1
– For PBKDF:
• The minimum password length is 14 characters, which has a strength of
approximately 112 bits, assuming a randomly selected password using the
extended ASCII printable character set is used.
For random passwords - a string of characters from a given set of
characters in which each character is equally likely to be selected - the
strength of the password is given by:
S=L*(log N/log 2) where N is
the number of possible characters (for example, ASCII printable
characters
N = 95, extended ASCII printable characters N = 218) and L
is the number of characters. A password of the strength S can be guessed
at random with the probability of 1/2
S
.
• Keys generated using PBKDF shall only be used in data storage
applications.
• The length of the randomly-generated portion of the salt shall be at least
16 bytes. For more information see
nist-sp800-132.pdf.