Reference Guide

Crypto-C ME Cryptographic Toolkit 19

RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy

Level 1

The following Crypto-C ME algorithms are not FIPS 140-2-approved:

• AES in BPS mode for format-preserving encryption (FPE)

• DES

• DESX

• DES40

• Camellia

• GOST

• SEED

• RC2

• RC4

• RC5

• RSA with key sizes less than 2048 bits

• DSA with key sizes less than 2048 bits

• ECDSA with key sizes less than 224 bits

• DH with key sizes less than 2048 bits

• ECDH with key sizes less than 224 bits

• MD2

• MD4

• MD5

• HMAC MD5

• ECAES

• ECIES

• Dual EC DRBG

Key Wrapping RSA encrypt and decrypt (2048 to 4096-bit key size).

For key wrapping using RSA, the key establishment methodology

provides between 112 and 150 bits of encryption strength. Less than

112 bits of security (key sizes less than 2048 bits) is non-compliant.

Non-approved

(Allowed in FIPS

140-2 mode for

key transport).

Message Digest SHA-1, and SHA-224, 256, 384, 512, 512/224, and 512/256 2402

Message

Authentication Code

HMAC-SHA1, SHA224, SHA256, SHA384, SHA512,

SHA512/224, and SHA512/256

1799

Not yet tested by the CAVP, but is approved for use in FIPS 140-2 mode. RSA affirms correct implementation of the algorithm.

Table 4 Crypto-C ME FIPS 140-2-approved and allowed Algorithms (continued)

Algorithm Type Algorithm

Validation

Certificate