Table of Contents
Advertisement
Algorithm
Elliptic-Curve P-256 Key Pair Generation
Elliptic-Curve P-256 DSA (ECDSA)
SSH Key Derivation
Note: The TLS protocol has not been reviewed or
tested by the CAVP and CMVP
SP800-90A CTR DRBG
Caveat: Additional information concerning SHA-1 and specific guidance on
transitions to the use of more robust hashing algorithms is contained in NIST
Special Publication 800-131A.
When operating in the Permanent Encryption and Encryption Enabled Approved
Modes, the ETD receives data from an OKM cluster wrapped with AES Key
Wrap. AES Key Wrap, as defined in SP 800-38F, is an approved key wrapping,
key establishment methodology.
AES (Cert #4047, Key Wrapping provides 256 bits of encryption strength)
The following non-Approved methods are allowed for use, as described, in the
Permanent Encryption, and Encryption Enabled Modes:
RSA (Key wrapping; key establishment methodology provides 112 bits of
EC Diffie-Hellman (key agreement; key establishment methodology
Diffie-Hellman (key agreement; key establishment methodology provides
The module provides a Non-Deterministic Random Number Generator
The module provides MD5 for use with TLS 1.0 protocol.
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
encryption strength)
provides 128 bits of encryption strength)
112 bits of encryption strength)
(NDRNG) as the entropy source to the FIPS-Approved SP 800-90A CTR
DRBG. The NDRNG provides a minimum of 384-bits to the DRBG for
use in key generation.
© Copyright 2017 Oracle Corporation
Implementation Description
Performs Key Generation in support of SSH
with NIST curve P-256
Performs session establishment in support of
SSH, with NIST curve P-256
SSH Key Derivation (SP800-135 rev1; Section
5.2)
Generates random numbers for nonces and
keys for multiple services including SSH
Certificate
Number
905
905
866
1209
Page 31 of 51
Advertisement
Table of Contents
