Access Control Policy
User functionalities have read/write access to the AES Session Key and the RSA
public key. The AES Session Key is used to decrypt the data for printing. The RSA
public key is used for AES Session Key transport. Integrity Check Keys can be read
by the Crypto-Officer "Run Self-Test" service.
Key Generation
The module key is a 1024-bit RSA key pair, generated internally using key
generation techniques that meet IG A.6 and FIPS Pub 186-3. The FIPS-Approved
PRNG X9.31 Appendix A.2.4 is used to seed the RSA key generation mechanism.
The AES Session Key is generated outside of the module and imported via RSA key
transport.
Key Storage
The AES Session Key is held in plaintext in volatile memory only. The RSA
public key is stored in flash memory in an X.509 certificate in plaintext, and the
RSA private key is stored in flash memory in plaintext.
Key Entry and Output
All keys that are entered into (AES key) or output from (RSA certificate) the
module are electronically entered or output. The AES Session Key is entered into
the module encrypted for transport under the RSA public key.
Key Zeroization
The AES Session Key is an ephemeral key that is zeroized after the connection is
closed or when the module is rebooted. The module provides no service to erase or
discard the RSA key pair. The key pair is erased by overwriting the flash image
with a new image.
Self-Tests
The PrintCryption module runs power-up and conditional self-tests to verify that
it is functioning properly. Power-up self-tests are performed during startup of the
module. Module startup occurs every time a new network connection is
established and the dkmd or aessd process starts. Conditional self-tests are
executed whenever specific conditions are met.
© Copyright 2009 Lexmark International Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Firmware Integrity Check: The module employs a firmware integrity
test in the form of HMAC SHA-1.
Cryptographic Algorithm Tests: Known Answer Tests (KATs) are run
at power-up for the following algorithms:
• AES KAT
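The firmware integrity check described above, sketched as an added example that is not Lexmark's code: the HMAC SHA-1 tag of the image is recomputed at power-up and compared in constant time, and any failure leaves the module in an error state. The sample key and image are constructed, the state names and function names are hypothetical, and running an HMAC SHA-1 known answer test first is an assumption of this example.

```python
import hashlib
import hmac

# RFC 2202 test case 2 for HMAC-SHA-1, used as the known answer.
KAT_KEY = b"Jefe"
KAT_MSG = b"what do ya want for nothing?"
KAT_TAG = bytes.fromhex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")

# Constructed sample values; a real module would read these from flash.
INTEGRITY_KEY = bytes(range(20))
FIRMWARE_IMAGE = b"constructed firmware image " * 64
STORED_TAG = hmac.new(INTEGRITY_KEY, FIRMWARE_IMAGE, hashlib.sha1).digest()


def hmac_sha1_kat():
    """Check the HMAC-SHA-1 implementation against a published vector."""
    tag = hmac.new(KAT_KEY, KAT_MSG, hashlib.sha1).digest()
    return hmac.compare_digest(tag, KAT_TAG)


def firmware_integrity(image, stored_tag, key):
    """Recompute the image tag and compare it in constant time."""
    tag = hmac.new(key, image, hashlib.sha1).digest()
    return hmac.compare_digest(tag, stored_tag)


def power_up(image, stored_tag, key):
    """Return (state, failed_test). Any failure yields ERROR (hypothetical
    state name), in which no cryptographic service should be offered."""
    # KAT first: a verdict from a faulty HMAC would be meaningless.
    checks = (
        ("hmac_sha1_kat", hmac_sha1_kat),
        ("firmware_integrity", lambda: firmware_integrity(image, stored_tag, key)),
    )
    for name, check in checks:
        if not check():
            return "ERROR", name
    return "OPERATIONAL", None


if __name__ == "__main__":
    print(power_up(FIRMWARE_IMAGE, STORED_TAG, INTEGRITY_KEY))
    tampered = bytearray(FIRMWARE_IMAGE)
    tampered[100] ^= 0x01  # single flipped bit in the image
    print(power_up(bytes(tampered), STORED_TAG, INTEGRITY_KEY))
```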