User guide
Aruba Networks Security Target
Page 43 of 67
24
SSHv2 session keys
AES (128/196/256 bits)
Established during the
SSHv2 key exchange
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure SSHv2 traffic
25
SSHv2 session
authentication key
HMAC-SHA-1 (160-bit)
Established during the
SSHv2 key exchange
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure SSHv2 traffic
26
TLS pre-master secret
48 byte secret
Externally generated
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS key agreement
27
TLS session
encryption key
AES 128/192/256 bits
Generated in the
module during the TLS
service implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS session
encryption
28
TLS session
authentication key
HMAC-SHA-1/256/384
(160/256/384 bits)
Generated in the
module during the TLS
service implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS session
authentication
29
RSA Private Key
RSA 2048 bit private
key
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake, used for
signing OCSP
responses, and used
by IKEv1/IKEv2 for
device authentication
and for signing
certificates
30
RSA public key
RSA 2048 bit public
key
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake, used for
signing OCSP
responses, and used
by IKEv1/IKEv2 for
device authentication
and for signing
certificates
31
ECDSA Private Key
ECDSA suite B P-256
and P-384 curves
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake.