canmove, Confirmed users
937
edits
VE 07KeyMgmt: Difference between revisions
→Key Generation
| Line 22: | Line 22: | ||
The <code>FC_GenerateKey</code> and <code>FC_GenerateKeyPair</code> functions of the NSS cryptographic module perform key generation. <code>FC_GenerateKey</code> generates secret keys and domain parameters, and <code>FC_GenerateKeyPair</code> generates public/private key pairs. | The <code>FC_GenerateKey</code> and <code>FC_GenerateKeyPair</code> functions of the NSS cryptographic module perform key generation. <code>FC_GenerateKey</code> generates secret keys and domain parameters, and <code>FC_GenerateKeyPair</code> generates public/private key pairs. | ||
Approved | Approved ken generation methods for Approved security functions | ||
* Symmetric key | * Symmetric key | ||
** AES: FIPS 197 | ** AES: FIPS 197 | ||
** Triple DES | ** Triple DES: check weak keys | ||
* Asymmetric key | * Asymmetric key | ||
** DSA, RSA and ECDSA: FIPS 186-2 with Change Notice 1, PKCS #1 v2.1 (algorithm RSASSA-PKCS1-v1_5) | ** DSA, RSA and ECDSA: FIPS 186-2 with Change Notice 1, PKCS #1 v2.1 (algorithm RSASSA-PKCS1-v1_5) | ||
** DSA domain parameters (PQG) | |||
* Keyed hash | * Keyed hash | ||
** HMAC: FIPS 198 | ** HMAC: FIPS 198. HMAC secret keys have the PKCS #11 generic secret key type. They can be generated using the PKCS #11 <code>CKM_GENERIC_SECRET_KEY_GEN</code> mechanism. The length of the key to be generated is specified by the <code>CKA_VALUE_LEN</code> attribute. | ||
The prime numbers that are generated for both RSA and DSA are tested using FIPS 186-2 [APPENDIX 2.1. A PROBABILISTIC PRIMALITY TEST] -- | The prime numbers that are generated for both RSA and DSA are tested using FIPS 186-2 [APPENDIX 2.1. A PROBABILISTIC PRIMALITY TEST] -- | ||