Table of Contents
Advertisement
Table 19
SRDI/Role/Service Access Policy
CSP 27
CSP 28
CSP 29
CSP 30
CSP 31
The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1,
HMAC-SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and
encryption/decryption (for IKE authentication)), cryptographic algorithms. The MD5, HMAC MD5, and
MD4 algorithms are disabled when operating in FIPS mode.
The module supports three types of key management schemes:
Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key are
•
exchanged manually and entered electronically.
Internet Key Exchange method with support for exchanging pre-shared keys manually and entering
•
electronically.
–
–
Internet Key Exchange with RSA-signature authentication.
•
All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected
by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto
Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual
tunnels are directly associated with that specific tunnel only via the IKE protocol.
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
OL-6083-01
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Role and Service Access to CSPs (Continued)
The pre-shared keys are used with Diffie-Hellman key agreement technique to derive DES,
3DES or AES keys.
The pre-shared key is also used to derive HMAC-SHA-1 key.
r
r
w
d
r
w
d
r
w
d
r
w
d
r
w
d
41
Hide quick links:
Advertisement
Table of Contents
