Specifications
© Copyright 2007 Cisco Systems, Inc. Page 13 of 26
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Figure 7 – 2851 Tamper Evident Label Placement on the Opacity Shield
2.4 Cryptographic Key Management
The router securely administers both cryptographic keys and other critical security parameters
such as passwords. The tamper-evident seals provide physical protection for all keys. All keys
are also protected by the password protection on the Crypto Officer role login, and can be
zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored
the key. Keys are exchanged and entered electronically or via Internet Key Exchange (IKE) or
SSL handshake protocols.
The routers support the following FIPS 140-2 approved algorithm implementations:
Algorithm                         Algorithm Certificate Number
---------------------------------------------------------------
Software (IOS) Implementations
  AES                             795
  Triple-DES                      683
  SHA-1, SHA-256, SHA-512         794
  HMAC-SHA-1                      436
  X9.31 PRNG                      456
  RSA                             379
Onboard Safenet Implementations
  AES                             96
  Triple-DES                      210
  SHA-1                           317
  HMAC-SHA-1                      50
AIM Module Implementations
  AES                             173