Reference Guide
26 Chapter 4: Changes Between MES 4.3.1 and 4.4
RSA BSAFE Micro Edition Suite 4.4 Migration Guide
Cryptographic API Changes
Asymmetric Key Operations
Asymmetric Key Assurance
The proper management and use of cryptographic keys is essential to the use of
cryptography for security. NIST provides a wealth of guidance for the management of
keys, and this is included in the FIPS 140-2 standard. Even when FIPS 140-2
compliance is not required for an application, following the NIST guidance is
recommended.
NIST is introducing new guidance for key establishment which will be a requirement
for FIPS 140-2 applications. This guidance will be available when the standards are
finalized. See Transition Plans for Key Establishment Schemes using Public Key
Cryptography for more information.
One central aspect of the new guidance is the requirement of cryptographic key users
to gain assurance that keys can be used safely. In particular, the guidance describes
cryptographic tests that must be performed by FIPS 140-2 applications when keys are
received from a third party, whether trusted or untrusted. This process is known as key
validation.
RSA strongly recommends the use of key validation where keys are imported into all
applications
MES 4.4 includes key validation functionality as described in
SP 800-56A revision 3 and SP 800-56B revision 2.
Key validation is not performed automatically in MES. Explicit function calls to
validate keys should be added to applications where keys are received from third
parties.
For more information, see the Asymmetric Key Management > Asymmetric Key
Assurance and Validation section in the RSA BSAFE Micro Edition Suite Developers
Guide.
DSA Key and Key Parameter Generation
With the release of MES 4.4, some of the information identifiers for FIPS 186-2 and
FIPS 186-4 DSA key parameter generation are changed.