Reference Guide
26 Crypto-C ME Cryptographic Toolkit
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
Symmetric Cipher AES
• CBC, CFB 128-bit, ECB, OFB 128-bit, and CTR modes with 128,
192, and 256-bit key sizes
• CCM modes with 128, 192, and 256-bit key sizes
• GCM mode with automatic internally generated IV with 128, 192,
and 256-bit key sizes
• XTS mode with 128 and 256-bit key sizes.
SP 800-38A
SP 800-38C
SP 800-38D
SP 800-38E
C584
Triple-DES (three key)
• ECB, CBC, CFB 64-bit, and OFB 64-bit modes
SP 800-67,
SP 800-38A
C584
1
A 3072-bit modulus is not tested by the CAVP but is approved for use in the FIPS 140-2 approved mode of operation. RSA affirms correct
implementation of RSADP and RSASP1 with a 3072-bit modulus.
2
Vendor Affirmed.
3
CMVP KAS certificates show compliance with the original version of SP 800-56A. RSA affirms compliance with SP 800-56A Rev. 2 as
detailed in IG D.1-rev2.
4
All schemes were tested with single step concatenation KDF and key confirmation.
5
As defined by the HKDF expand step,
6
As defined in SP 800-132, PBKDF2 can be used in FIPS 140-2 approved mode of operation when used with FIPS 140-2-approved
symmetric key and message digest algorithms. For more information, see
Crypto User Guidance.
7
Not yet tested by the CAVP, but is approved for use in FIPS 140-2 approved mode of operation. RSA affirms correct implementation of the
algorithm.
8
The TLS 1.0 and 1.1 KDF, documented in SP 800-135, are only allowed when the conditions detailed in the Crypto User Guidance are
satisfied.
Table 4 Crypto-C ME FIPS 140-2-approved Algorithms (continued)
Algorithm Type Algorithm and approved parameter/modulus/key sizesStandard
Validation
Certificate