Reference Guide

Crypto-C ME Cryptographic Toolkit
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
1.3 Roles, Services and Authentication
Crypto-C ME meets all FIPS 140-2 Level 2 requirements for roles, services, and
authentication, implementing both a User role and Crypto Officer role. Role-based
authentication is implemented for these roles. Only one role can be active at a time
and Crypto-C ME does not allow concurrent operators.
1.3.1 Provider Configuration
The application is responsible for enabling Level 2 roles and authentication prior to
the module being loaded.
The application must supply the R_FIPS140_FEATURE_SL2_roles feature when
creating the FIPS 140 provider.
To load the cryptographic module with the R_FIPS140_FEATURE_SL2_roles
feature:
1. Call R_PROV_FIPS140_new() including R_FIPS140_FEATURE_SL2_roles
as one of the provider features.
2. Configure the location of the cryptographic module library files using
R_PROV_FIPS140_set_path().
3. Call R_PROV_FIPS140_load() to load the cryptographic module.
The cryptographic module uses a database of role identity information to validate
authentication attempts by the operator. The roles database stores a salted message
digest of a PIN for each role it authenticates. The roles database can be stored either in
memory or in a file. The application must set up a roles database and add
authentication data before it can perform Level 2 role authentication.
To create the roles database in a file:
1. Load the FIPS140 provider with the R_FIPS140_FEATURE_SL2_roles
feature.
2. Set the location of the file by calling R_PROV_FIPS140_set_roles_file()
and specify the path to the file.
Note: For operating systems using wide character sets, call
R_PROV_FIPS140_set_roles_file_w() instead.
3. Create the file by calling R_PROV_FIPS140_init_roles().
To create the roles database in memory:
1. Load the FIPS140 provider with the R_FIPS140_FEATURE_SL2_roles
feature.
2. Initialize the data in memory by calling R_PROV_FIPS140_init_roles().
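
The roles database described above, modelled as an added Python example (not code from the Security Policy or from Crypto-C ME): each role gets a salted digest of its PIN, authentication fails until data has been added, and a successful login replaces the active role. The class and method names, the JSON file layout, and the use of SHA-256 are assumptions; the page does not specify the module's digest algorithm or storage format.

```python
import hashlib
import hmac
import json
import os

ROLES = ("user", "crypto_officer")  # the two roles the policy names


class RolesDB:
    """Toy roles database: one salted digest of a PIN per role."""

    def __init__(self, path=None):
        self.path = path          # None models the in-memory database
        self.entries = {}         # role -> {"salt": hex, "digest": hex}
        self.active_role = None   # only one role can be active at a time

    @staticmethod
    def _digest(salt, pin):
        # Assumption: SHA-256 over salt || PIN; the page names no algorithm.
        return hashlib.sha256(salt + pin.encode()).hexdigest()

    def init_roles(self):
        """Create an empty database, writing the file when a path is set."""
        self.entries = {}
        self._save()

    def set_pin(self, role, pin):
        if role not in ROLES:
            raise ValueError("unknown role: " + role)
        salt = os.urandom(16)     # fresh random salt per role
        self.entries[role] = {"salt": salt.hex(), "digest": self._digest(salt, pin)}
        self._save()

    def authenticate(self, role, pin):
        """Return True and make `role` the single active role on success."""
        entry = self.entries.get(role)
        if entry is None:         # no authentication data added yet
            return False
        candidate = self._digest(bytes.fromhex(entry["salt"]), pin)
        if not hmac.compare_digest(candidate, entry["digest"]):
            return False
        self.active_role = role   # replaces any previously active role
        return True

    def _save(self):
        if self.path is not None:
            with open(self.path, "w") as fh:
                json.dump(self.entries, fh)
```
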