User's Manual
1 Overview
The HP-UX Kernel Cryptographic Module (HP-UX KCM) is a common cryptographic library in
the HP-UX Kernel. It is a library of core cryptographic algorithms, which are used by HP-UX Kernel
products.
HP-UX KCM implements FIPS 140-2 compliant algorithms for commonly used cryptographic
operations such as data encryption/decryption, sign/verify, digest, HMAC, and random number
generation.
HP-UX KCM is available in the HP-UX Kernel as a dynamically loadable library with well-defined
interfaces to invoke the crypto functions. This helps to bring modularity and standardization to the
usage of crypto algorithms across the HP-UX Kernel products. HP-UX KCM is available on the HP
Integrity platform running HP-UX 11i v3.
HP-UX KCM is undergoing FIPS 140-2 Level 1 validation and is currently in the NIST Review Pending
state.
The interfaces supported by the library follow the RSA Security Inc. PKCS#11 V.2.20 specification.
For more information on PKCS, see the PKCS #11 v2.20: Cryptographic Token Interface Standard
document.
NOTE: This link will take you outside the Hewlett-Packard (HP) Web site. HP does not control
and is not responsible for information outside of HP.com.
Supported configuration
The supported configuration for HP-UX KCM is HP-UX 11i v3 for HP Integrity Servers.
Features provided in this release
This section discusses the new features available in the HP-UX KCM version 1.0.
The table below lists the FIPS 140-2 compliant algorithms, key lengths, modes, and operations
implemented by HP-UX KCM 1.0.
| Purpose | Operations | Key size | FIPS algorithm |
|---|---|---|---|
| Symmetric key operations (FIPS-197 compliant) | Generate, Encrypt, and Decrypt | 128, 192, and 256; Mode: CBC | AES |
| Asymmetric key operations (FIPS 186-3 and PKCS#1 v1.5 compliant) | Generate key pair, Sign, Verify, Wrap key, and Unwrap key | 2048 | RSA |
| Digest operations (FIPS 180-3 compliant) | Digest | 256, 384, and 512 | SHA-2 |
| Key-Hash Message Authentication Code (HMAC) | Digest (with key) | 256, 384, and 512 | HMAC-SHA2 |
| NIST SP800-90A compliant DRBG | Generate random | | RNG |
HP-UX KCM also implements the following algorithms, which are required for supportability purposes
even though they are not FIPS 140-2 compliant.
| Purpose | Operations | Key size | Non-FIPS algorithm |
|---|---|---|---|
| Symmetric key operations | Generate, Encrypt, and Decrypt | 128, 192, and 256; Mode: CFB | AES |