Secure Operation of Crypto-J
RSA BSAFE Crypto-J 4.1 Security Policy
3.5 Modes of Operation
There are five modes of operation:
· FIPS140_MODE
· FIPS140_SSL_MODE
· NON_FIPS140_MODE
· FIPS140_ECC_MODE
· FIPS140_SSL_ECC_MODE
The following table lists the values that can be used in the setMode() method to
change the mode of operation, and the algorithms available in that mode.
Note: Refer to Random Number Generator for details of the default random number generator for the available algorithms.
Table 5 Values in setMode to Change the Mode of Operation

| Value in setMode() | Algorithms Available |
|---|---|
| CryptoJ.FIPS140_MODE (FIPS 140-2 approved) | Provides the cryptographic algorithms listed in Table 4, "Crypto-J FIPS-approved Algorithms," on page 15. This is the Crypto-J default mode on start up. |
| CryptoJ.FIPS140_SSL_MODE (FIPS 140-2 approved if used with TLS protocol implementations) | Provides the same algorithms as CryptoJ.FIPS140_MODE, plus the MD5 message digest. This mode can be used in the context of the key establishment phase in the TLSv1, TLSv1.1 and TLSv1.2 protocols. For more information, see section 7.1 Acceptable Key Establishment Protocols in Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program. The implementation guidance disallows the use of the SSLv2 and SSLv3 versions. Cipher suites that include non-FIPS 140-2-approved algorithms are unavailable. This mode allows implementations of the TLS protocol to operate Crypto-J in a FIPS 140-2-compliant manner. |
| CryptoJ.NON_FIPS140_MODE (Not FIPS 140-2 approved) | Allows users to operate Crypto-J without any cryptographic algorithm restrictions. |
| CryptoJ.FIPS140_ECC_MODE (Not FIPS 140-2 approved) | Provides the same algorithms as CryptoJ.FIPS140_MODE, plus ECAES and ECIES. |
| CryptoJ.FIPS140_SSL_ECC_MODE (Not FIPS 140-2 approved) | Provides the same algorithms as CryptoJ.FIPS140_SSL_MODE, plus ECAES and ECIES. The same restrictions with respect to protocol versions and cipher suites as in CryptoJ.FIPS140_SSL_MODE apply. |
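The following Python script is an added example, not part of this security policy or of Crypto-J: it audits Java source text for setMode() calls and classifies each argument against the approval status in Table 5. The function names, status labels and sample source are constructed for illustration, and the scan assumes every setMode( call in the scanned text is Crypto-J's.

```python
import re

# Approval status per Table 5 of this policy (labels are this example's own).
MODE_STATUS = {
    "FIPS140_MODE": "approved",
    "FIPS140_SSL_MODE": "approved-tls-only",  # approved only with TLS protocol implementations
    "NON_FIPS140_MODE": "not-approved",
    "FIPS140_ECC_MODE": "not-approved",
    "FIPS140_SSL_ECC_MODE": "not-approved",
}

# Assumption: any setMode(<arg>) call is Crypto-J's, qualified or statically imported.
SET_MODE = re.compile(r"\bsetMode\s*\(\s*([^)]*?)\s*\)")
LINE_COMMENT = re.compile(r"//.*$")  # simple strip; does not parse string literals


def audit_source(text):
    """Return (line_no, argument, status) for every setMode() call found."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        code = LINE_COMMENT.sub("", line)
        for m in SET_MODE.finditer(code):
            arg = m.group(1)
            name = arg.rsplit(".", 1)[-1]  # drop a "CryptoJ." qualifier if present
            # A variable or expression cannot be classified statically:
            # mark it for manual review instead of guessing.
            findings.append((no, arg, MODE_STATUS.get(name, "review")))
    return findings


def violations(findings):
    """Calls that leave a FIPS 140-2 approved mode, or might (unresolved argument)."""
    return [f for f in findings if f[2] in ("not-approved", "review")]


# Constructed sample input, not taken from any real code base.
SAMPLE = """\
CryptoJ.setMode(CryptoJ.FIPS140_SSL_MODE);
// CryptoJ.setMode(CryptoJ.NON_FIPS140_MODE);  disabled
CryptoJ.setMode(CryptoJ.FIPS140_ECC_MODE);
setMode(FIPS140_SSL_ECC_MODE);
CryptoJ.setMode(modeFromConfig);
"""

if __name__ == "__main__":
    for no, arg, status in audit_source(SAMPLE):
        print(f"line {no}: setMode({arg}) -> {status}")
```

A call reported as approved-tls-only still needs a check that the caller is a TLS protocol implementation, since Table 5 makes the approval conditional on that.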