Reference Guide

Secure Operation of Crypto-C ME
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
Table 9 Verifier Requirements (continued)

| FIPS 186-4 Requirement | Module Capabilities and Recommendations |
|---|---|
| Obtain assurance that the claimed signatory actually possessed the private key that was used to generate the digital signature at the time that the signature was generated. | Outside the scope of the module. |

2.1.3 Crypto User Guidance on Obtaining Assurances for Key Agreement Applications

The module provides support for the recommendations for key agreement in SP 800-56A. SP 800-56A provides the methods to obtain these assurances.

The table below describes the SP 800-56A recommendations for key establishment and the corresponding module capabilities and recommendations.

Table 10 Key Establishment Recommendations

| NIST SP 800-56A Recommendations | Module Capabilities and Recommendations |
|---|---|
| Obtain appropriate FFC and ECC domain parameters. | The generation of FFC parameters is in accordance with the FIPS 186-4 standard for the generation of probable primes. For ECC, use the NIST recommended curves as defined in section 2.1.1. |
| Obtain assurance of the validity of those domain parameters. | The module provides the API R_CR_validate_key() to validate FFC parameters for probable primes as described in FIPS 186-4. For ECC, use the NIST recommended curves as defined in section 2.1.1. |
| Obtain a key establishment key pair that is generated as specified for the appropriate algorithm. | The module generates the key establishment key pair according to the required standards. Choose a FIPS-Approved DRBG like HMAC DRBG to generate the key pair. |
| Owner assurance of the validity of the public key. | The module provides the API R_CR_validate_key() to explicitly validate the public key according to SP 800-56A. |
| Owner assurance of the validity of the private key. | The module provides the API R_CR_validate_key() to explicitly validate the private key according to SP 800-56A. |
| Owner assurance of pairwise consistency | The module provides the API R_CR_validate_key() to explicitly validate the keypair according to the pairwise consistency requirements in SP 800-56A. |
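The public-key, private-key and pairwise-consistency assurances listed in Table 10 can be illustrated for FFC keys with the added example below; it is not code from this policy or from Crypto-C ME, and it does not call R_CR_validate_key(), whose signature this page does not give. It runs the checks on constructed toy parameters p = 23, q = 11, g = 2. The struct and function names are hypothetical, and the range and subgroup tests are the SP 800-56A FFC checks as assumed here.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy FFC domain parameters (far too small for real use):
 * p = 23, q = 11 with q | p-1, and g = 2 of order q modulo p.
 * All names in this example are hypothetical, not Crypto-C ME API. */
typedef struct { uint64_t p, q, g; } ffc_params;

/* Square-and-multiply; operands must be < 2^32 so products fit in 64 bits. */
static uint64_t modexp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* Full public-key validation: 2 <= y <= p-2 and y^q mod p == 1. */
int ffc_public_ok(const ffc_params *d, uint64_t y) {
    if (y < 2 || y > d->p - 2) return 0;   /* rejects 0, 1 and p-1 */
    return modexp(y, d->q, d->p) == 1;     /* y lies in the order-q subgroup */
}

/* Private-key range check: 1 <= x <= q-1. */
int ffc_private_ok(const ffc_params *d, uint64_t x) {
    return x >= 1 && x <= d->q - 1;
}

/* Pairwise consistency: both halves valid and y == g^x mod p. */
int ffc_pairwise_ok(const ffc_params *d, uint64_t x, uint64_t y) {
    return ffc_private_ok(d, x) && ffc_public_ok(d, y) &&
           modexp(d->g, x, d->p) == y;
}

int main(void) {
    const ffc_params d = { 23, 11, 2 };
    uint64_t x = 6, y = modexp(d.g, x, d.p);   /* constructed key pair */
    printf("valid pair:             %d\n", ffc_pairwise_ok(&d, x, y));
    printf("y = 5 (wrong subgroup): %d\n", ffc_public_ok(&d, 5));
    printf("y = p-1 (out of range): %d\n", ffc_public_ok(&d, d.p - 1));
    printf("mismatched pair:        %d\n", ffc_pairwise_ok(&d, x, 2));
    return 0;
}
```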