Reference Guide
Secure Operation of Crypto-C ME 33
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
• The key establishment methodology provides:
• between 112 bits and 256 bits of encryption strength when using
approved domain parameter size sets, as listed in Table 4.
• between 112 and 256 bits of encryption strength when curves that are
allowed.
• less than 112 bits of encryption strength when using curves that are
not allowed.
– For FFC based DH key agreement schemes:
• When generating DH FFC domain parameters, generation shall comply
with FIPS 186-4 by specifying the algorithm identifier
R_CR_ID_DH_PARAMETER_GENERATION when creating the R_CR
object.
• Domain parameter size sets with:
• L >= 2048 bits and N >= 224 bits are allowed
• L < 2048 bits or N < 224 bits are not allowed
Where:
L is the bit length of the prime field size
N is the bit length of the sub-prime field size.
– The key establishment methodology provides:
• 112 bits or 128 bits of encryption strength, when using approved
domain parameter size sets, as listed in Table 4.
• between 112 and 256 bits of encryption strength, when using allowed
domain parameter size sets.
• less than 112 bits of encryption strength when using domain
parameter size sets that are not allowed.
• Key Transport/Wrapping:
– For key wrapping using AES:
• The key establishment methodology provides between 128 and 256 bits
of encryption strength.
– For RSA Key Transport/Wrapping schemes:
• Modulus sizes
• greater than or equal to 2048-bits are allowed.
• less than 2048-bits are not allowed.
• The key establishment methodology provides: