1 Overview

The HP-UX Kernel Cryptographic Module ( HP-UX KCM ) is a common cryptographic library in HP-UX Kernel. It is a library of core cryptographic algorithms, which are used by HP-UX Kernel products.

HP-UX KCM implements FIPS 140-2 compliant algorithms for commonly used cryptographic operations such as data encryption/decryption, sign/verify, digest, HMAC, and random number generation.

HP-UX KCM is available in HP-UX Kernel as a dynamically loadable library with well-defined interfaces to invoke the crypto functions. This helps to bring modularity and standardization in the usage of crypto algorithms across the HP-UX Kernel products. HP-UX KCM is available on HP Integrity platform running HP-UX 11iv3.

HP-UX KCM is undergoing FIPS 140-2 Level 1 validation and is currently in NIST Review Pending state.

The interfaces supported by the library follows RSA Security Inc. PKCS#11 V.2.20 specification.

For more information on PKCS, see PKCS #11 v2.20: Cryptographic Token Interface Standard document.

NOTE: This link will take you outside the Hewlett-Packard (HP) Web site. HP does not control and is not responsible for information outside of HP.com.

Supported configuration

The supported configuration for HPUX-KCM is HP-UX 11i v3 for HP Integrity Servers.

Features provided in this release

This section discusses the new features available in the HP-UX KCM version 1.0.

The table below lists the FIPS 140-2 compliant algorithms, key lengths, modes, and operations implemented by HP-UX KCM 1.0.

FIPS algo

Key size

Operations

Purpose

AES

128, 192, and 256 Generate, Encrypt, and

Symmetric key operations (FIPS-197

 

Mode: CBC

Decrypt

compliant)

 

 

 

RSA

2048

Generate key pair, Sign,

Asymmetric key operations

 

 

Verify, Wrap key, and

(FIPS 186-3 and PKCS#1 v1.5 compliant)

 

 

Unwrap key

 

 

 

SHA-2

256, 384, and 512

Digest

Digest operations (FIPS 180-3 compliant)

HMAC-SHA2

256, 384, and 512

Digest (with key)

Key-Hash Message Authentication Code

 

 

 

(HMAC)

RNG

 

Generate random

NIST SP800-90A compliant DRBG

HP-UX KCM also implements the following algorithms, which are required for supportability purposes even though they are not FIPS 140-2 compliant.

Non FIPS algo

Key size

Operations

Purpose

AES

128, 192, and 256

Generate, Encrypt, and

Symmetric key operations

 

Mode: CFB

Decrypt

 

 

 

 

4Overview

Page 4
Image 4
HP UX Kernel Cryptographic Module (KCM) manual Overview, Supported configuration, Features provided in this release