Manualshelf

Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Micro Edition Suite
11121314151617181920
Crypto-C ME Cryptographic Toolkit 17
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
1.4 Cryptographic Key Management
Cryptographic key management is concerned with generating keys, key assurance,
storing keys, managing access to keys, protecting keys during use, and zeroizing keys
when they are no longer required.
1.4.1 Key Generation
Crypto-C ME supports the generation of DSA, RSA, Diffie-Hellman (DH) and
Elliptic Curve Cryptography (ECC) public and private keys. Crypto-C ME uses the
CTR Deterministic Random Bit Generator (CTR DRBG) as the default
pseudo-random number generator (PRNG) for asymmetric and symmetric keys.
When operating in a FIPS 140-2-approved manner, RSA keys can only be generated
using the approved FIPS 186-4 RSA key generation method.
1.4.2 Key Assurance
Crypto-C ME supports validity assurance of asymmetric keys. Functions are
available to test the validity of:
ECC keys, and DSA keys and domain parameters, against FIPS 186-4
ECC keys, and DH keys and domain parameters, against SP 800-56A
RSA keys against FIPS 186-4 or SP 800-56B.
1.4.3 Key Storage
Crypto-C ME does not provide long-term cryptographic key storage. If a user chooses
to store keys, the user is responsible for storing keys exported from the module.
The following table lists all keys and Critical Security Parameters (CSPs) in the
module and where they are stored.
Table 2 Key Storage
Key or CSP Generation/Input/Output Storage
Hardcoded DSA public key Generated when the module is created
Cannot be output from the module.
Persistent storage embedded
in the module binary
AES keys Entered in plaintext through the API or
generated by an explicit API call
Output in plaintext through the API.
Volatile memory only
(plaintext)
Triple-DES keys Entered in plaintext through the API or
generated by an explicit API call
Output in plaintext through the API.
Volatile memory only
(plaintext)
HMAC keys Entered in plaintext through the API or
generated by an explicit API call
Output in plaintext through the API.
Volatile memory only
(plaintext)