Operational Environment; Cryptographic Key Management - Lexmark 10G0149 - PrintCryption Card Encryption Module Manual

FIPS 140-2 non-proprietary security policy

Operational Environment

The operational environment is non-modifiable and thus not applicable for this
firmware module. The PrintCryption module runs on the Linux OS and is
configured for single-user mode by default. The operating system is used as an
embedded OS within the Lexmark printers, and no direct access to the OS is
provided.

Cryptographic Key Management

The module implements the following FIPS-approved algorithms:

• AES ECB, CBC mode decryption – FIPS 197 (certificate #273, #274, #275, #276, #277, and #452)
• Deterministic Random Number Generator (RNG) – Appendix A.2.4 of ANSI X9.31 (certificate #100, #101, #102, #103, #104, and #237)
• HMAC – FIPS 198 (certificate #89, #90, #91, #92, #93, and #215)
• RSA (sign/verify) – PKCS#1 (certificate #73, #74, #75, #76, #77, and #171)
• SHS – FIPS 180-2 (certificate #350, #351, #352, #353, #354, and #515)
• TDES 2 key ECB mode encryption/decryption – FIPS 46-3 (certificate #356, #357, #358, #359, #360, and #470) (Note: The FIPS approved X9.31 Appendix A.2.4 PRNG utilizes 2 key TDES algorithm).

Additionally, the module utilizes the following non-FIPS-approved algorithm
implementation:

• RSA Key Wrapping (PKCS #1): Key establishment method uses a 1024-bit key length providing 80 bits of security.

The module supports the following critical security parameters:

| Key or CSP | Key type | Generation | Storage | Use |
| --- | --- | --- | --- | --- |
| AES Session Key | 128, 192, 256 bits AES key | Externally generated. Imported in encrypted form (RSA key transport) | Held in volatile memory in plaintext. Zeroized after the session is closed or on reboot. | Decrypts input data for printing |
| RSA Public Key | 1024 bit RSA public key (80 bits of security) | Internally generated using PKCS#1 key generation mechanism | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Key transport |

© Copyright 2006 Lexmark International Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
