Reference Guide
Secure Operation of Crypto-C ME 35
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
• KDFs:
– For HKDF:
• A FIPS 140-2 approved HMAC must be used.
• A particular key-derivation key must only be used for a single
key-expansion step. For more information see SP 800-56C Rev. 1
• The derived key must be used only as a secret key.
• The derived key shall not be used as a key stream for a stream cipher.
• When selecting an HMAC hash, the output block size must be equal to or
greater than the desired security strength of the derived key.
– For PBKDF2:
• Passwords must be generated using a cryptographically secure random
password generator that employs an approved DRBG.
• The minimum password length depends on the character set chosen.
For examples, see Information on Minimum Password Length.
• The length of the randomly-generated portion of the salt shall be at least
16 bytes. For more information see SP 800-132.
• The iteration count shall be selected as large as possible, a minimum of
10,000 iterations is recommended.
See section 5.1.1.2, Memorized Secret Verifiers, of SP 800-63B.
• The maximum key length is
(2
32
-1)*b, where b is the digest size of
the hash function.
• The key derived using PBKDF2 can be used as referred to in SP 800-132,
Section 5.4, option 1 and 2.
• Keys generated using PBKDF2 shall only be used in data storage
applications.
– For Single-step KDF:
• A FIPS 140-2 approved HMAC must be used.
– For TLS 1.0, 1.1 and 1.2 Key Derivation:
• The TLS 1.0 and 1.1 KDF is allowed only when the following conditions
are satisfied:
• The KDF is performed in the context of the TLS protocol
• SHA-1 and HMAC are as specified in FIPS 180-4 and FIPS 198-1,
respectively.
• The TLS 1.2 KDF, is allowed only when the following conditions are
satisfied: