background image
2
Preface
RSA BSAFE Crypto-J 4.1 Security Policy
1Preface
This document is a non-proprietary security policy for the Crypto-J cryptographic
toolkit from RSA, the Security Division of EMC (RSA). This security policy
describes how the Crypto-J toolkit meets the security requirements of FIPS 140-2, and
how to securely operate it. This policy is prepared as part of the Level 1 FIPS 140-2
validation of the Crypto-J toolkit.
Crypto-J provides both the JSAFE and JCE Application Programming Interfaces
(APIs), in the cryptojFIPS.jar file. All references to the Crypto-J toolkit apply to
both interfaces unless explicitly noted.
FIPS 140-2 (Federal Information Processing Standards Publication 140-2 - Security
Requirements for Cryptographic Modules) details the U.S. Government requirements
for cryptographic modules. More information about the FIPS 140-2 standard and
validation program is available on the NIST website.
1.1 References
This document deals only with operations and capabilities of the Crypto-J in the
technical terms of a FIPS 140-2 cryptographic toolkit security policy. More
information on Crypto-J and the entire RSA BSAFE product line is available at:
·
http://www.rsa.com/, for information on the full line of products and
services.
·
http://www.rsa.com/node.aspx?id=1319 for an overview of security tools
for Java developers.
·
http://www.rsa.com/node.aspx?id=1204 for an overview of the RSA
BSAFE product range.
·
"Contacting RSA" on page 26 for answers to technical or sales related questions.