Cisco Cat4K NDPP ST    11 March 2014 
EDCS-1228241 
 
  ANSI X9.80 (3 January 2000), “Prime Number Generation, Primality Testing, and Primality Certificates” using random integers with deterministic tests, or constructive generation methods
  Generated key strength shall be equivalent to, or greater than, a symmetric key strength of 112 bits using conservative estimates.
 
c) Case: For domain parameters used in RSA-based key establishment schemes
  NIST Special Publication 800-56B “Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”
 
5.2.2.2 FCS_CKM_EXT.4: Cryptographic key zeroization
FCS_CKM_EXT.4.1 The TSF shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer required.
5.2.2.3 FCS_COP.1(1): Cryptographic operation (for data encryption/decryption)
FCS_COP.1.1(1) The TSF shall perform [encryption and decryption] in accordance with a specified cryptographic algorithm [AES operating in [CBC mode]] and cryptographic key sizes 128-bits, 256-bits, and [no other key sizes] that meets the following:
  FIPS PUB 197, “Advanced Encryption Standard (AES)”
  [NIST SP 800-38A, NIST SP 800-38D].
5.2.2.4 FCS_COP.1(2): Cryptographic operation (for cryptographic signature)
FCS_COP.1.1(2) The TSF shall perform cryptographic signature services in accordance with a [(2) RSA Digital Signature Algorithm (rDSA) with a key size (modulus) of 2048 bits or greater] that meets the following:
Case: RSA Digital Signature Algorithm
  [FIPS PUB 186-3, “Digital Signature Standard”]
5.2.2.5 FCS_COP.1(3): Cryptographic operation (for cryptographic hashing)
FCS_COP.1.1(3) The TSF shall perform [cryptographic hashing services] in accordance with a specified cryptographic algorithm [SHA-1,