Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks NN46120-104 manual SHA-1

Models: NN46120-104

1 300
Download 300 pages 2.66 Kb
Page 236
Image 236

236HSM Security Policy

Algorithm

How it is used by the HSM module

Used in

FIPS 140-1

Mode?

3DES

Used to generate Pseudo-random numbers using the X9.17

Yes

 

Appendix C PRNG algorithm for the purposes of key generation of

 

 

RSA and 3DES keys.

 

 

Encryption/decryption of every key stored in persistence storage

 

 

within the module using the Master Key. Wrapping (encryption)

 

 

of Private RSA Keys using the Key-Wrapping-Key for archival

 

 

purposes. Unwrapping (decryption) of Private RSA Keys using the

 

 

Key-Wrapping-Key for the purpose of restoring an archived key.

 

 

Note: The 3DES Encrypt and Decrypt services are not available for

 

 

this algorithm in FIPS mode because keys are entered in plaintext.

 

 

 

 

RSA Si

Generation and verification of digital signatures using the RSA

Yes

gnature/

algorithm, in accordance with the PKCS #1 specification. Keys

 

Verification

pairs of modulus size in the range 192 through 1024 bits, in 64

 

 

bit increments. Note: The message digest operation of the digital

 

 

signature and verification function is performed outside of the

 

 

cryptographic boundary for performance reasons. After the digest

 

 

is computed outside the module, the module formats and pads the

 

 

message digest according to the PKCS #1 standard and then uses

 

 

the RSA algorithm to compute the digital signature.

 

 

 

 

SHA-1

Hashing of host-provided data. Hashing for the purpose of verifying

Yes

 

the RSA digital signature of a firmware image. Hashing a 3DES key

 

 

for the purpose of checking its integrity after it is split and then the

 

 

corresponding shares combined.

 

 

 

 

MD5

The module provides services to compute an MD5 message digest.

No

 

As this algorithm is not FIPS-approved, the corresponding services

 

 

are not available in the FIPS 140-1 Mode.

 

 

 

 

HMAC

The module provides a service to compute HMAC using SHA-1. As

No

(SHA-1)

currently implemented, the service requires the MAC key to be input

 

 

unencrypted through the PCI interface, and therefore this service is

 

 

not available in the FIPS 140-1 Mode.

 

 

 

 

HMAC

The module provides a service to compute HMAC using MD5.

No

(MD5)

Because MD5 is not a FIPS-approved algorithm, this service is not

 

 

available in the FIPS 140-1 Mode.

 

 

 

 

RC4

The module provides services for encryption/decryption with RC4.

No

 

Because RC4 is not a FIPS-approved algorithm, the corresponding

 

 

services are not available in the FIPS 140-1 Mode.

 

 

 

 

DSA

The module provides services for generating and verifying DSA

No

 

signatures. As currently implemented, the private key for signature

 

 

generation must be input through the PCI interface. Therefore,

 

 

this algorithm is not available in the FIPS 140-1 Mode. Keys pairs

 

 

of modulus size in the range 512 through 1024 bits, in 64 bit

 

 

increments.

 

 

 

 

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

Page 235 Page 237
Page 236
Image 236
Nortel Networks NN46120-104 manual SHA-1
Page 235 Page 237