Manualshelf

Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Crypto-C Micro Edition
41424344454647484950
Secure Operation of Crypto-C ME 41
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
2.3 Modes of Operation
The following table lists the available mode filters to determine the mode
Crypto-C ME operates in and the algorithms allowed.
In each mode of operation, the complete set of services, which are listed in this
Security Policy, are available to both the Crypto Officer and Crypto User roles (with
the exception of
R_PROV_FIPS140_self_tests_full(), which is always
reserved for the Crypto Officer).
Note: Cryptographic keys must not be shared between modes. For example, a
key generated FIPS 140-2 mode must not be shared with an application
running in a non-FIPS 140-2 mode.
Table 13 Crypto-C ME Mode Filters
Mode Description
R_MODE_FILTER_FIPS140
FIPS 140-2-approved.
Implements FIPS 140-2 mode and provides the cryptographic algorithms listed in
Table 4. The default pseudo-random number generator (PRNG) is CTR DRBG.
R_MODE_FILTER_FIPS140_SSL
FIPS 140-2-approved if used with TLS protocol implementations.
Implements FIPS 140-2 SSL mode and provides the same algorithms as
R_LIB_CTX_MODE_FIPS140, plus the MD5 message digest algorithm.
This mode can be used in the context of the key establishment phase in the TLS 1.0
and TLS 1.1 protocol. For more information, see Section D.2, “Acceptable Key
Establishment Protocols,” in
Implementation Guidance for FIPS PUB 140-2 and the
Cryptographic Module Validation Program.
The implementation guidance disallows the use of the SSLv2 and SSLv3 versions.
Cipher suites including non-FIPS 140-2- approved algorithms are unavailable.
This mode allows implementations of the TLS protocol to operate Crypto-C ME in
a FIPS 140-2-compliant manner with CTR DRBG as the default PRNG.
R_MODE_FILTER_JCMVP
Not FIPS 140-2-approved.
Implements Japan Cryptographic Module Validation Program (JCMVP) mode and
provides the cryptographic algorithms approved by the JCMVP.
R_MODE_FILTER_JCMVP_SSL
Not FIPS 140-2-approved.
Implements JCMVP SSL mode and provides the cryptographic algorithms
approved by the JCMVP, plus the MD5 message digest algorithm.