Reference Guide
30 Secure Operation of Crypto-C ME
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
2 Secure Operation of Crypto-C ME
This section provides an overview of how to securely operate Crypto-C ME in
compliance with the FIPS 140-2 standards.
Note: The module operates as a Validated Cryptographic Module only when
the rules for secure operation are followed.
2.1 Crypto User Guidance
This section provides guidance to the module user to ensure that the module is used in
a FIPS 140-2 compliant way.
Section 2.1.1 provides algorithm-specific guidance. The requirements listed in this
section are not enforced by the module and must be ensured by the module user.
Section 2.1.2 provides guidance on obtaining assurances for Digital Signature
Applications.
Section 2.1.3 provides guidance on obtaining assurances for Key Agreement
Applications.
Section 2.1.4 provides guidance on obtaining assurances for Key Transport
Applications.
Section 2.1.5 provides information about the minimum length of passwords.
Section 2.1.6 provides general crypto user guidance.
2.1.1 Crypto User Guidance on Algorithms
The following guidance is provided for Crypto Users operating in the FIPS 140-2
approved mode.
The Crypto User must use only those algorithms approved or allowed for use in a
FIPS 140-2 approved mode of operation. These algorithms are listed in:
• Table 4, Crypto-C ME FIPS 140-2-approved Algorithms
• Table 5, Crypto-C ME FIPS 140-2-allowed Algorithms.
For:
• Key Agreement:
– For ECC based DH key agreement schemes:
• Curves with:
• at least 112 bits of security strength are allowed.
• less than 112 bits of security strength are not allowed.