Reference Guide
Aruba 7200 Series Controllers FIPS 140-2 Level 2 Security Policy|23
Table 6 CSPs/Keys Used in Aruba Controllers
29 RSA Private Key
RSA 2048 bit private
key
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake, used for
signing OCSP
responses, and used
by IKEv1/IKEv2 for
device authentication
and for signing
certificates
30 RSA public key
RSA 2048 bit public
key
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake, used for
signing OCSP
responses, and used
by IKEv1/IKEv2 for
device authentication
and for signing
certificates
31 ECDSA Private Key
ECDSA suite B P-256
and P-384 curves
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake.
32 ECDSA Public Key
ECDSA suite B P-256
and P-384 curves
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake.
33
802.11i Pre-Shared
Key (PSK)
8-63 character 802.11i
pre-shared secret for
use in 802.11i (SP
800‐108) key derivation
CO configured
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by the 802.11i
protocol
34
802.11i Pair-Wise
Master key (PMK)
802.11i secret key
(256-bit)
Derived during the
EAP-TLS/PEAP
handshake
Stored in the volatile
memory. Zeroized on
reboot.
Used by the 802.11i
protocol
35 802.11i session key
AES-CCM key (128
bits), AES-GCM key
(128/256 bits)
Derived from 802.11
PMK
Stored in plaintext in
volatile memory.
Zeroized on reboot.
Used for 802.11i
encryption
36 SNMPv3
authentication
8-64 character
password
CO configured
Stored in flash
memory encrypted
with KEK. Zeroized
Used for SNMPv3
authentication