Reference Guide

Chapter 6: Changes Between Releases 4.1.2 and 4.1.4 57

RSA BSAFE Crypto-C Micro Edition 3.x to 4.1.4 Migration Guide

Asymmetric Key Assurance

The proper management and use of cryptographic keys is essential to the use of

cryptography for security. NIST provides a wealth of guidance for the management of

keys, and this is included in the FIPS 140-2 standard. Even when FIPS 140-2

compliance is not required for an application, following the NIST guidance is

recommended.

NIST plans to introduce new guidance for key establishment which will be a

requirement for FIPS 140-2 applications. This guidance will be available when the

standards are finalized. See Transition Plans for Key Establishment Schemes using

Public Key Cryptography for more information.

One central aspect of the new guidance is the requirement of cryptographic key users

to gain assurance that keys can be used safely. In particular, the guidance describes

cryptographic tests that can be performed when keys are received from a third party,

whether trusted or untrusted. This process is known as key validation.

RSA strongly recommends the inclusion of key validation where keys are imported

into applications.

Crypto-C ME 4.1.4 includes key validation functionality as described in SP 800-56A

revision 3 and SP 800-56B revision 1.

Key validation is not performed automatically in Crypto-C ME. Explicit function calls

to validate keys should be added to applications where keys are received from third

parties.

For more information, see the Asymmetric Key Management > Asymmetric Key

Assurance and Validation section in the RSA BSAFE Crypto-C Micro Edition

Developers Guide.