Manualshelf

Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Micro Edition Suite
31323334353637383940
32 Secure Operation of Crypto-C ME
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
112 or 128 bits of encryption strength when using approved modulus
sizes, as listed in Table 4.
between 112 and 256 bits of encryption strength when using allowed
modulus sizes.
less than 112 bits 256 bits of encryption strength when using modulus
sizes that are not allowed.
Digital Signatures.
An approved DRBG must be used for digital signature generation.
Keys used for digital signature generation and verification shall not be used
for any other purpose.
SHA1 is disallowed for the generation of digital signatures.
For DSA:
When generating domain parameters, generation shall comply with
FIPS 186-4 by specifying the algorithm identifier
R_CR_ID_DSA_PARAMETER_GENERATION when creating the R_CR
object.
There are no non-approved but allowed domain parameter set sizes. See
Table 4 for approved domain parameter set sizes.
For ECDSA:
In addition to the approved named curves listed in Table 4, curves with
the domain parameters generated in compliance with the rules specified in
Section 6.1.1 of FIPS 186-4 are approved for signature verification.
The domain parameters can be specified by name, or can be explicitly
defined
The use of these curves is also approved for signature generation if the
key size is at least 224 bits.
There are no non-approved but allowed curves.
For RSA based schemes:
The length of an RSA key pair for digital signature generation must be
greater than or equal to 2048 bits. For digital signature verification, the
length must be greater than or equal to 2048 bits, however 1024 bits is
allowed for legacy-use only. RSA keys shall have a public exponent of an
odd number, equal to or greater than 65537.
For RSASSA-PSS:
If the length of the RSA modulus in bits is 1024 bits, and the output
length of the approved hash function output block is 512 bits, then the
length of the salt (
sLen) shall be 0<=sLen<=hLen - 2
where
hLen is the length of the hash function output block, in bytes or
octets
Otherwise, the length of the salt shall be
0 <=sLen<=hLen.