Table of Contents
Advertisement
6
Critical Security Parameters
The following Critical Security Parameters (CSPs) are used by the module:
CSP
Key
Encryption
Key
(KEK)
IKEv1/IKEv2 Pre-shared
secret
IPSec session encryption
keys
IPSec session
authentication keys
CSP TYPE
GENERATION
Triple-DES
Hard-coded
168-bits key
64 character
CO configured
preshared
key
168-bit
Established during
Triple-DES,
Diffie-Hellman key
or
agreement
128/192/256
bit AES
keys;
HMAC
Established during
SHA-1 keys
Diffie-Hellman key
agreement
40
STORAGE
And
USE
ZEROIZATI
ON
Stored in flash,
Encrypts
zeroized by the
IKEv1/IKEv2
'ap wipe out
preshared keys
flash'
and
command.
configuration
parameters
Encrypted in
Module and
flash using the
crypto officer
KEK; zeroized
authentication
by updating
during
through
IKEv1/IKEv2;
administrative
entered into
interface, or by
the module in
the 'ap wipe
plaintext
out flash'
during
command.
initialization
and encrypted
over the IPSec
session
subsequently.
Stored in
Secure IPSec
plaintext in
traffic
volatile
memory;
zeroized when
session is
closed or
system powers
off
Stored in
Secure IPSec
plaintext in
traffic
volatile
memory;
zeroized when
session is
closed or
system powers
off
Advertisement
Table of Contents
