1 Overview

The HP-UX Kernel Cryptographic Module (HP-UX KCM) is a common cryptographic library in the HP-UX Kernel. It is a library of core cryptographic algorithms, which are used by HP-UX Kernel products.

HP-UX KCM implements FIPS 140-2 compliant algorithms for commonly used cryptographic operations such as data encryption/decryption, sign/verify, digest, HMAC, and random number generation.

HP-UX KCM is available in the HP-UX Kernel as a dynamically loadable library with well-defined interfaces for invoking the crypto functions. This brings modularity and standardization to the use of crypto algorithms across the HP-UX Kernel products. HP-UX KCM is available on the HP Integrity platform running HP-UX 11i v3.

HP-UX KCM is undergoing FIPS 140-2 Level 1 validation and is currently in the NIST Review Pending state.

The interfaces supported by the library follow the RSA Security Inc. PKCS#11 V.2.20 specification.

For more information on PKCS, see the PKCS #11 v2.20: Cryptographic Token Interface Standard document.

NOTE: This link will take you outside the Hewlett-Packard (HP) Web site. HP does not control and is not responsible for information outside of HP.com.

Supported configuration

The supported configuration for HP-UX KCM is HP-UX 11i v3 for HP Integrity Servers.

Features provided in this release

This section discusses the new features available in HP-UX KCM version 1.0.

The table below lists the FIPS 140-2 compliant algorithms, key lengths, modes, and operations implemented by HP-UX KCM 1.0.

| FIPS algo | Key size | Operations | Purpose |
|---|---|---|---|
| AES | 128, 192, and 256; Mode: CBC | Generate, Encrypt, and Decrypt | Symmetric key operations (FIPS-197 compliant) |
| RSA | 2048 | Generate key pair, Sign, Verify, Wrap key, and Unwrap key | Asymmetric key operations (FIPS 186-3 and PKCS#1 v1.5 compliant) |
| SHA-2 | 256, 384, and 512 | Digest | Digest operations (FIPS 180-3 compliant) |
| HMAC-SHA2 | 256, 384, and 512 | Digest (with key) | Key-Hash Message Authentication Code (HMAC) |
| RNG | | Generate random | NIST SP800-90A compliant DRBG |

HP-UX KCM also implements the following algorithms, which are required for supportability purposes even though they are not FIPS 140-2 compliant.

| Non FIPS algo | Key size | Operations | Purpose |
|---|---|---|---|
| AES | 128, 192, and 256; Mode: CFB | Generate, Encrypt, and Decrypt | Symmetric key operations |