RSA BSAFE Crypto-J 4.1 Security Policy
3 Secure Operation of Crypto-J
Crypto-J does not require any special configuration to operate in conformance with
FIPS 140-2 requirements. The following guidance must be followed, however, to
achieve a FIPS 140 mode of operation.
3.1 Crypto User Guidance
The Crypto User must only use algorithms approved for use in a FIPS 140 mode of
The requirements for using the approved algorithms in a FIPS 140 mode of operation
are as follows:
· The bit-length for a DSA key pair must be 1024 bits.
· Random Number Generators must be seeded with values of at least 160 bits in length.
· Bit lengths for an RSA¹ key pair must be between 1024 and 4096 bits in multiples of 512.
· Bit lengths for the Diffie-Hellman² key agreement must be between 1024 and 2048 bits. The Diffie-Hellman shared secret provides between 80 bits and 112 bits of encryption strength.
· Bit lengths for an HMAC key must be one half of the block size.
· If RSA key generation is requested in FIPS 140 mode, the toolkit always uses the FIPS 140-approved RSA X9.31 key-generation procedure. The key wrapping methodology provides between 80 and 150 bits of encryption strength.
· EC key pairs must have domain parameters from the set of NIST-recommended named curves (P192, P224, P256, P384, P521, B163, B233, B283, B409, B571, K163, K233, K283, K409, and K571). The domain parameters can be specified by name or can be explicitly defined. The module limits possible curves for Dual EC DRBG to P-256, P-384, and P-521 in accordance with SP 800-90.
· EC Diffie-Hellman primitives must use curve domain parameters from the set of NIST-recommended named curves listed above. The domain parameters can be specified by name, or can be explicitly defined. Using the NIST-recommended curves, the computed Diffie-Hellman shared secret provides between 80 bits and 256 bits of encryption strength.
· When using an Approved RNG to generate keys, the RNG's requested security strength must be at least as great as the security strength of the key being generated. For more information on requesting the RNG security strength, see the Random Number Generation sections of the RSA BSAFE Crypto-J 4.1 Developer's Guide.

¹ When used for transporting keys and using the minimum allowed modulus size, the minimum strength of encryption provided is 80 bits.
² Using the minimum allowed modulus size, the minimum strength of encryption provided is 80 bits.
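
An application can check its requested parameters against the rules above before it asks the toolkit for a key. The following is an added example, not code from Crypto-J or its Developer's Guide: the class and method names are hypothetical, it calls no Crypto-J API, and the key-strength figures are an assumption taken from NIST SP 800-57 Part 1, rounded up between table rows so the RNG requirement is never understated (Java 9 or later).

```java
import java.util.Locale;
import java.util.Set;

// Added example, not Crypto-J code: pre-flight check of the key rules above.
public final class Fips140ParamCheck {
    // Named curves exactly as listed in the policy text.
    static final Set<String> CURVES = Set.of("P192", "P224", "P256", "P384", "P521",
        "B163", "B233", "B283", "B409", "B571", "K163", "K233", "K283", "K409", "K571");

    // Key-size rules for DSA, RSA and Diffie-Hellman from the list above.
    static boolean sizeAllowed(String alg, int bits) {
        switch (alg) {
            case "DSA": return bits == 1024;
            case "RSA": return bits >= 1024 && bits <= 4096 && bits % 512 == 0;
            case "DH":  return bits >= 1024 && bits <= 2048;
            default:    return false; // algorithm not covered by this check
        }
    }

    // Accepts "P-256" or "P256"; anything outside the listed set is rejected.
    static boolean curveAllowed(String name) {
        return CURVES.contains(name.replace("-", "").toUpperCase(Locale.ROOT));
    }

    // Assumption: SP 800-57 strength of an RSA/DSA/DH modulus, rounded up
    // between table rows; only meaningful for sizes sizeAllowed() accepts.
    static int modulusStrength(int bits) {
        return bits <= 1024 ? 80 : bits <= 2048 ? 112 : bits <= 3072 ? 128 : 192;
    }

    // Assumption: SP 800-57 strength of an EC key, derived from the field
    // size embedded in the curve name (for example 384 in "P-384").
    static int curveStrength(String name) {
        int f = Integer.parseInt(name.replaceAll("\\D", ""));
        return f >= 512 ? 256 : f >= 384 ? 192 : f >= 256 ? 128 : f >= 224 ? 112 : 80;
    }

    // Last bullet: the RNG's requested strength must cover the key's strength.
    static boolean rngCovers(int rngStrengthBits, int keyStrengthBits) {
        return rngStrengthBits >= keyStrengthBits;
    }

    public static void main(String[] args) {
        // RSA-2048 generated with an RNG requested at 112 bits.
        System.out.println(sizeAllowed("RSA", 2048) && rngCovers(112, modulusStrength(2048)));
        System.out.println(sizeAllowed("RSA", 2000)); // 2000 is not a multiple of 512
        System.out.println(sizeAllowed("DH", 3072));  // above the 2048-bit ceiling
        // P-384 is a listed curve, but an RNG requested at 128 bits is too weak for it.
        System.out.println(curveAllowed("P-384") && rngCovers(128, curveStrength("P-384")));
        System.out.println(curveAllowed("secp256k1")); // not in the listed set
    }
}
```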