Table of Contents
Advertisement
Key
Key Type
SSH_HOST_PUB
RSA 2048-bit Public
Key
ECDSA P256 Curve
Public Key
SSH_SK
AES CTR 128-bit
AES CBC 128-bit
SSH_SA
HMAC SHA-1 (112-
bits)
SSH_KEX_PRI
ECDH P-256 Curve
(128-bits) or FFC
DH Group 14 (112-
bits)
SSH_KEX_PUB
ECDH P-256 Curve
(128-bits) or FFC
DH Group 14 (112-
bits)
CA_Cert
RSA 2048-bit public
Key
Key Wrap Key
RSA 2048-bit public
Public Key
key
(KWKPublicKey)
52
CA – Certificate Authority
Generation / Input
Generated internally
Output plaintext
via Approved DRBG
Generated internally
Output encrypted via
via SSH PRF
DEKey
Generated internally
Output encrypted via
via SSH PRF
DEKey
Generated internally
Output encrypted via
via ECDH or FFC
DEKey
DH
Generated internally
Output encrypted
via ECDH or FFC
via SSH_SK
DH
Generated externally.
Output encrypted via
Input in plaintext via
DEKey
52
CA
Generated externally;
Output encrypted via
Input encrypted via
DEKey
TLS_ECK
© Copyright 2017 Oracle Corporation
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
Output
Storage
Plaintext in
EEPROM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in
EEPROM and RAM
Plaintext in
EEPROM and RAM
Page 35 of 51
Zeroization
Use
"Reset" service;
SSH Authentication
Power cycle;
Switch Approved
Mode
"Reset" service;
SSH Session Keys
Power cycle;
(per SSH 2.0)
Switch Approved
Mode
"Reset" service;
SSH Session integrity
Power cycle;
Keys
Switch Approved
(per SSH 2.0)
Mode
"Reset" service;
SSH Key Exchange
Power cycle;
Private Key (per SSH
Switch Approved
2.0)
Mode
Power cycle;
SSH Key Exchange
Switch Approved
Public Key (per SSH
Mode
2.0)
"Reset" service;
Authenticate the OKM
Switch Approved
cluster appliance to the
Mode
module during TLS
session
"Reset" service;
Wrap AKWK to be
Switch Approved
sent to OKM cluster
Mode
Advertisement
Table of Contents
