Reference Guide

Crypto-C ME Cryptographic Toolkit
RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy
Level 1
Table 2 Key Storage (continued)

Key or CSP            Storage
HMAC DRBG entropy     Volatile memory only (plaintext).
HMAC DRBG V value     Volatile memory only (plaintext).
HMAC DRBG key         Volatile memory only (plaintext).
HMAC DRBG init_seed   Volatile memory only (plaintext).
FIPS 186-2 seed       Volatile memory only (plaintext).
FIPS 186-2 key        Volatile memory only (plaintext).

2.4.3 Key Access
An authorized operator of the module has access to all key data created during
Crypto-C ME operation.
Note: The Crypto User and Crypto Officer roles have equal and complete
access to all keys.
The following table lists the different services provided by the toolkit with the type of
access to keys or CSPs.

Table 3 Key and CSP Access

Service Type                        Key or CSP                                                        Type of Access
Encryption and decryption           Symmetric keys (AES, Triple-DES)                                  Read/Execute
Digital signature and verification  Asymmetric keys (DSA, Elliptic Curve DSA (ECDSA), and RSA)        Read/Execute
Message digest                      None                                                              N/A
MAC                                 HMAC keys                                                         Read/Execute
Random number generation            CTR DRBG entropy, V, and key                                      Read/Write/Execute
                                    HMAC DRBG entropy, V, key, and init_seed
                                    FIPS 186-2 seed and key
Key generation                      Symmetric keys (AES, Triple-DES)                                  Write
                                    Asymmetric keys (DSA, ECDSA, RSA, Diffie-Hellman (DH), and ECDH)
                                    MAC keys (HMAC)
Key establishment primitives        Asymmetric keys (RSA, DH, ECDH)                                   Read/Execute