Table of Contents
Advertisement
Security Policy, version 1.0
Key
Key Type
Client AES
128, 192 or
key
256-bit AES
key
Client
3DES key
3DES key
Client RSA
RSA public
public keys
key
Client RSA
RSA private
keys
keys
Client
HMAC keys
HMAC keys
Client
X.509
certificate
certificate
Crypto
Character
Officer
string
passwords
User
Character
passwords
string
Cluster
Character
Member
string
password
HP User
2048-bit RSA
RSA public
public key
key
Cluster key Character
string
Firmware
1024-bit RSA
upgrade
public key
key
HP StorageWorks Secure Key Manager
Generation /
Output
Input
Generated by
Via TLS in
ANSI X9.31
encrypted form
DRNG
(encrypted with
TLS Ks) per
client's request
Generated by
Via TLS in
ANSI X9.31
encrypted form
DRNG
(encrypted with
TLS Ks) per
client's request
Generated by
Via TLS in
ANSI X9.31
encrypted form
DRNG
(encrypted with
TLS Ks) per
client's request
Generated by
Via TLS in
ANSI X9.31
encrypted form
DRNG
(encrypted with
TLS Ks) per
client's request
Generated by
Via TLS in
ANSI X9.31
encrypted form
DRNG
(encrypted with
TLS Ks) per
client's request
Input in
Via TLS in
ciphertext
encrypted form
over TLS
(encrypted with
TLS Ks) per
client's request
Input in
Never
plaintext
Input in
Never
plaintext
Input in
Never
ciphertext
over TLS
Input in
Never
plaintext at
factory
Input in
Never
ciphertext
over TLS
Input in
Never
plaintext at
factory
© 2008 Hewlett-Packard Company
This document may be freely reproduced in its original entirety.
Storage
Zeroization
Encrypted in
Per client's
non-volatile
request or zeroize
memory
request
Encrypted in
Per client's
non-volatile
request or zeroize
memory
request
Encrypted in
At operator delete Sign
non-volatile
memory
Encrypted in
Per client's
non-volatile
request or zeroize
memory
request
Encrypted in
Per client's
non-volatile
request or zeroize
memory
request
In non-volatile
Per client's
memory
request or by
zeroize request
In non-volatile
At operator delete
memory
or by zeroize
request
In non-volatile
At operator delete
memory
or by zeroize
request
In non-volatile
At operator delete
memory
or zeroize request
In non-volatile
At installation of a
memory
patch or new
firmware
In non-volatile
At operator delete
memory
or by zeroize
request
In non-volatile
When new
memory
firmware upgrade
key is input
January 31, 2008
Use
Encrypt
plaintexts/decrypt
ciphertexts
Encrypt
plaintexts/decrypt
ciphertexts
messages/verify
signatures
Sign
messages/verify
signatures
Compute keyed-
MACs
Encrypt
data/verify
signatures
Authenticate
Crypto Officer
Authenticate
User
When a device
attempts to
become a
Cluster Member
Authenticate HP
User
Authenticate
Cluster Member
Used in firmware
upgrade integrity
test
Page 18 of 26
Advertisement
Table of Contents
