Key Generation; Key Input/Output - Polycom VSX 3000 Manual

Non-proprietary cryptographic module security policy
Non-Proprietary Security Policy, Version 1.0
June 15, 2007
Polycom VSX 3000, VSX 5000, and VSX 7000s
© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Page 18 of 23

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| X.509 certificate (RSA Public key) | 1024 bits RSA public key | Generated externally, input in plaintext | Output in plaintext | Stored in Flash in plaintext | Erasing the flash image | Authenticates the module during TLS handshake |
| RSA Private key | 1024 bits RSA private key | Generated externally, input in plaintext | Never exits the module | Stored in Flash in plaintext | Erasing the flash image | Authenticates the module during TLS handshake |
| Diffie-Hellman public key | 1024 bits public key | Generated internally | Output in plaintext | Stored in volatile memory | Zeroized on reboot | Establishes a session key (IP or ISDN Encryption Key) during H.323 negotiation |
| Diffie-Hellman private key | 1024 bits private key | Generated internally | Never exits the module | Stored in volatile memory | Zeroized on reboot | Establishes a session key (IP or ISDN Encryption Key) during H.323 negotiation |
| Integrity Check Key | 1024 bits DSA Public key | Generated externally, inputted in plaintext | Never exits the module | Stored in Flash in plaintext | Erasing the flash image | Checks integrity of the software at power-up of the module |
| Session Key | 192 bits TDES CBC key | Generated internally during TLS handshake | Exits in encrypted form (RSA key transport) | Held in volatile memory in plaintext | Zeroized on reboot | Encrypts TLS traffic |
| IP Encryption Key | 128 bits AES CBC key | Generated internally during Diffie-Hellman key agreement | Never exits the module | Held in volatile memory in plaintext | Zeroized on reboot | Encrypts IP calls |
| ISDN Encryption Key | 128, 192, 256 bits AES OFB keys | Generated internally during Diffie-Hellman key agreement | Never exits the module | Held in volatile memory in plaintext | Zeroized on reboot | Encrypts ISDN calls |
| PRNG seed | 20 bytes of seed value | Internally generated | Never exits the module | Held in volatile memory only in plaintext | Zeroized on reboot | Produce FIPS approved random number |

1.7.1 Key Generation

The modules generate symmetric keys and FIPS-approved PRNG seeds internally. The symmetric keys (Session Key, IP Encryption Key, and ISDN Encryption Key) and the Diffie-Hellman key pair are generated using a FIPS-approved 186-2 Appendix 3.1 algorithm. Twenty bytes of hardware-generated noise are used to create a PRNG seed. The RSA key pair is generated externally and input into the module in plaintext.

1.7.2 Key Input/Output

The Rivest, Shamir, Adleman (RSA) key pair is generated externally and input to the modules in plaintext. The RSA private key and DH private key never exit the module, while the public keys are output in plaintext. The Session Key exits the module in encrypted form during TLS handshakes (protected within RSA key transport). The IP Encryption Key and ISDN Encryption Key are never output from the module. Other CSPs and keys, such as the Integrity Check Key and PRNG seed, are never output from the modules.
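The generator named in Section 1.7.1, as an added Python sketch that is not Polycom's code: the FIPS 186-2 Appendix 3.1 state update with the SHA-1-based G function, seeded with 20 bytes. It assumes XSEED = 0 and omits the standard's `mod q` reduction (which applies to DSA private keys); `SAMPLE_SEED` is constructed and stands in for the hardware noise.

```python
import struct

# t from FIPS 186-2 Appendix 3.1 step 2 (identical to the SHA-1 initial value).
T = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
M32 = 0xFFFFFFFF
SAMPLE_SEED = bytes(range(20))  # constructed seed; stands in for hardware noise

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M32

def sha1_compress(state, block):
    """SHA-1 compression of one 64-byte block, without message padding."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rol(a, 5) + f + e + k + w[i]) & M32, a, _rol(b, 30), c, d
    return tuple((s + v) & M32 for s, v in zip(state, (a, b, c, d, e)))

def g(xval):
    """G(t, c) from Appendix 3.3: c zero-padded on the right to 512 bits."""
    return struct.pack(">5I", *sha1_compress(T, xval.ljust(64, b"\x00")))

class Fips186Prng:
    """Appendix 3.1 state machine with b = 160, XSEED = 0, no 'mod q' step."""
    def __init__(self, seed):
        if len(seed) != 20:
            raise ValueError("seed must be 20 bytes (b = 160)")
        self.xkey = int.from_bytes(seed, "big")

    def next_block(self):
        x = g(self.xkey.to_bytes(20, "big"))            # XVAL = XKEY
        # Step 3d: XKEY = (1 + XKEY + x) mod 2^b advances the state per output.
        self.xkey = (1 + self.xkey + int.from_bytes(x, "big")) % (1 << 160)
        return x

    def key_bytes(self, n):
        out = b""
        while len(out) < n:
            out += self.next_block()
        return out[:n]
```

Every output is a deterministic function of the 20-byte seed, which is why the policy lists the PRNG seed among the CSPs that never leave the module. `Fips186Prng(seed).key_bytes(24)` yields the 24 bytes a 192-bit TDES Session Key needs.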
