Reference Guide

Crypto-C ME Cryptographic Toolkit 15
RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy
Level 1
2.4 Cryptographic Key Management
Cryptographic key management is concerned with generating and storing keys,
managing access to keys, protecting keys during use, and zeroizing keys when they
are no longer required.
2.4.1 Key Generation
Crypto-C ME supports the generation of DSA, RSA, Diffie-Hellman (DH) and Elliptic
Curve Cryptography (ECC) public and private keys. Also, Crypto-C ME uses the CTR
Deterministic Random Bit Generator (CTR DRBG) as the default pseudo-random
number generator (PRNG) for asymmetric and symmetric keys used in algorithms
such as AES, Triple DES, RSA, DSA, Diffie-Hellman, ECC, and HMAC.
2.4.2 Key Storage
Crypto-C ME does not provide long-term cryptographic key storage. If a user chooses
to store keys, the user is responsible for storing keys exported from the module.
The following table lists all keys and CSPs in the module and where they are stored.
Table 2 Key Storage
Key or CSP                                Storage
----------------------------------------  -------------------------------------------------------------
Hardcoded DSA public key                  Persistent storage embedded in the module binary (encrypted).
Hardcoded AES key                         Persistent storage embedded in the module binary (plaintext).
AES keys                                  Volatile memory only (plaintext).
Triple-DES keys                           Volatile memory only (plaintext).
HMAC with SHA-1 and SHA-2 keys            Volatile memory only (plaintext).
  (SHA-224, SHA-256, SHA-384, SHA-512,
  SHA-512/224, and SHA-512/256)
Diffie-Hellman public/private keys        Volatile memory only (plaintext).
ECC public/private keys                   Volatile memory only (plaintext).
RSA public/private keys                   Volatile memory only (plaintext).
DSA public/private keys                   Volatile memory only (plaintext).
CTR DRBG entropy                          Volatile memory only (plaintext).
CTR DRBG V value                          Volatile memory only (plaintext).
CTR DRBG key                              Volatile memory only (plaintext).