Reference Guide
31
6 Critical Security Parameters
The following Critical Security Parameters (CSPs) are used by the module:
Table 10 - Critical Security Parameters
#
Name CSPs type Generation
Storage and
Zeroization
Use
1
Key Encryption Key
(KEK)
Triple-DES 168-bit key
Hardcoded during
manufacturing
Stored in Flash.
Zeroized by using
command ‘ap wipe
out flash’
Encrypts
IKEv1/IKEv2 Pre-
shared key, ECDSA
private key and
configuration
parameters.
2
DRBG entropy input
SP800-90a DRBG (512
bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG initialization
3
DRBG seed
SP800-90a DRBG (384
bits)
Generated per SP800-
90A using a derivation
function
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG initialization
4
DRBG Key SP800-90a (256 bits)
Generated per SP800-
90A
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG
5
DRBG V SP800-90a (128 bits)
Generated per SP800-
90A
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG
6
RNG seed
FIPS 186-2 RNG Seed
(512 bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
Seed 186-2 General
purpose (x-change
Notice); SHA-1 RNG