HP-UX Kernel Cryptographic Module 2.1 User Guide (766149-002, April 2014)
1 Overview
The HP-UX Kernel Cryptographic Module (HP-UX KCM) is a common cryptographic library in the
HP-UX Kernel. It is a library of core cryptographic algorithms that are used by HP-UX Kernel
products.
HP-UX KCM implements FIPS 140-2 compliant algorithms for commonly used cryptographic
operations such as data encryption/decryption, sign/verify, digest, HMAC, and random number
generation.
HP-UX KCM is available in the HP-UX Kernel as a dynamically loadable library with well-defined
interfaces to invoke the crypto functions. This helps to bring modularity and standardization to the
usage of crypto algorithms across the HP-UX Kernel products. HP-UX KCM is available on the HP
Integrity platform running HP-UX 11i v3.
The interfaces supported by the library follow the RSA Security Inc. PKCS #11 Cryptographic Token
Interface (Cryptoki) v2.20 specification.
For more information on PKCS, see the PKCS #11 v2.20: Cryptographic Token Interface Standard
document.
NOTE: This link will take you outside the Hewlett-Packard (HP) Web site. HP does not control
and is not responsible for information outside of HP.com.
Supported configuration
The supported configuration for HP-UX KCM is HP-UX 11i v3 for HP Integrity Servers.
Features provided in this release
This section discusses the new features available in the HP-UX KCM 2.1 version.
HP-UX Kernel Cryptographic Module 1.0 has been awarded a FIPS 140-2 Level 1 certificate
(Certificate #2079).
The HP-UX KCM 2.1 depot includes the FIPS 140-2 certified HP-UX Kernel Cryptographic Module 1.0
and KCM 2.1, which is the non-FIPS version of the library.
The table below lists the FIPS 140-2 compliant algorithms, key lengths, modes, and operations
implemented by HP-UX KCM.
| Purpose | Operations | Key size | FIPS algo |
|---|---|---|---|
| Symmetric key operations (FIPS-197 compliant) | Generate, Encrypt, and Decrypt | 128, 192, and 256; Mode: CBC | AES |
| Asymmetric key operations (FIPS 186-3 and PKCS#1 v1.5 compliant) | Generate key pair, Sign, Verify, Wrap key, and Unwrap key | 2048 | RSA |
| Digest operations (FIPS 180-3 compliant) | Digest | 256, 384, and 512 | SHA-2 |
| Key-Hash Message Authentication Code (HMAC) | Digest (with key) | 256, 384, and 512 | HMAC-SHA2 |
| NIST SP800-90A compliant DRBG | Generate random | | RNG |