Reference Guide

Chapter 6: Changes Between Releases 4.1.2 and 4.1.4
RSA BSAFE Crypto-C Micro Edition 3.x to 4.1.4 Migration Guide
Diffie-Hellman Operations
With the release of Crypto-C ME 4.1.4, the underlying specifications for performing
Diffie-Hellman (DH) key exchange, key generation, and key parameter generation
have changed.
Prior to Crypto-C ME 4.1.4, DH key exchange and generation, and key parameter
generation, were performed according to the specifications outlined in IEEE P1363
draft 10 Section A.16.1. From Crypto-C ME 4.1.4 onwards, default DH key exchange
and generation are performed according to the specifications outlined in SP 800-56A,
and DH key parameter generation according to the specifications in FIPS 186-4.
DH key parameter generation can only be performed using the FIPS 186-4 method.
DH key exchange and key generation can be performed using either the IEEE P1363
or SP 800-56A method; however:
• SP 800-56A is the default. To use IEEE P1363, you must explicitly select the
  IEEE P1363 resources in your resource list and use the IEEE P1363 algorithms.
  Note: The default DH key exchange and key generation algorithms use
  the SP 800-56A implementation but allow the use of legacy parameters,
  which might not have the sub-prime value available.
• IEEE P1363 is not FIPS 140-2-compliant and is only accessible in non-FIPS mode.
RSA strongly recommends performing DH key exchange and key generation using
the SP 800-56A method.
Diffie-Hellman Key Exchange Identifiers
The following table lists the DH key exchange resource and algorithm identifiers for
Crypto-C ME:
Table 14 Diffie-Hellman Key Exchange Resource and Algorithm Identifiers

                       Prior to Crypto-C ME 4.1.4   Crypto-C ME 4.1.4
Resource Identifiers   R_CR_KEY_EXCHANGE_DH         R_CR_KEY_EXCHANGE_DH
                       according to IEEE P1363      according to SP 800-56A
                                                    R_CR_KEY_EXCHANGE_DH_SP800_56A
                                                    R_CR_KEY_EXCHANGE_DH_IEEE_P1363
Algorithm Identifiers  R_CR_ID_KE_DH                R_CR_ID_KE_DH
                       according to IEEE P1363      according to SP 800-56A
                                                    R_CR_ID_KE_DH_SP800_56A
                                                    R_CR_ID_KE_DH_IEEE_P1363
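
A migration check based on Table 14, as an added example that is not part of the RSA guide: it scans C source for the DH identifiers and flags the unqualified ones, whose meaning changes silently in 4.1.4, and the IEEE P1363 ones, which are unavailable in FIPS mode. The function names, the CHANGED/LEGACY/OK labels and the sample C fragment are assumptions of this example.

```python
import re

# Table 14 identifiers mapped to what changes for code built against 4.1.4.
FINDINGS = {
    "R_CR_KEY_EXCHANGE_DH": "CHANGED: resource is SP 800-56A from 4.1.4 (was IEEE P1363)",
    "R_CR_ID_KE_DH": "CHANGED: algorithm is SP 800-56A from 4.1.4 (was IEEE P1363)",
    "R_CR_KEY_EXCHANGE_DH_IEEE_P1363": "LEGACY: IEEE P1363 resource, non-FIPS mode only",
    "R_CR_ID_KE_DH_IEEE_P1363": "LEGACY: IEEE P1363 algorithm, non-FIPS mode only",
    "R_CR_KEY_EXCHANGE_DH_SP800_56A": "OK: explicit SP 800-56A resource",
    "R_CR_ID_KE_DH_SP800_56A": "OK: explicit SP 800-56A algorithm",
}
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)  # simplification: ignores string literals
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")      # whole C identifiers

# Constructed sample; the declarations are placeholders, not real Crypto-C ME syntax.
SAMPLE = """\
/* constructed: R_CR_KEY_EXCHANGE_DH_IEEE_P1363 was removed from this list */
static const int resources[] = {
    R_CR_KEY_EXCHANGE_DH,
    R_CR_KEY_EXCHANGE_DH_SP800_56A,
};
int alg = R_CR_ID_KE_DH;  // unqualified identifier
int legacy_alg = R_CR_ID_KE_DH_IEEE_P1363;
"""

def audit(source):
    """Return (line, identifier, finding) for each Table 14 identifier in C source."""
    # Blank out comments but keep their newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), source)
    hits = []
    for lineno, line in enumerate(code.split("\n"), 1):
        # Matching whole identifiers keeps R_CR_ID_KE_DH from being reported
        # inside R_CR_ID_KE_DH_SP800_56A or R_CR_ID_KE_DH_IEEE_P1363.
        for m in IDENT.finditer(line):
            if m.group(0) in FINDINGS:
                hits.append((lineno, m.group(0), FINDINGS[m.group(0)]))
    return hits

def needs_review(hits):
    """Keep only findings whose behaviour differs from, or is restricted in, 4.1.4."""
    return [h for h in hits if not h[2].startswith("OK")]

if __name__ == "__main__":
    for lineno, ident, finding in audit(SAMPLE):
        print(f"line {lineno}: {ident}: {finding}")
```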