1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Gateway
  5. VPN Gateway
  6. User manual

Key Management; Key Generation; Key Storage; Key Entry And Output - Avaya VPN Gateway User Manual

Vpn gateway
Hide thumbs
Table of Contents

Advertisement

HSM Security Policy

10.0 Key Management

10.1 Key Generation

Random number generation for key generation is accomplished using the algorithm described
by appendix C of ANSI standard X9.17. This algorithm will use a seed value V (from appendix
C) that is generated by the random number generator in the FastMap chip. Using this algorithm
ensures that the keys generated will be consistent with the requirements of FIPS 140-1.
Performing the key generation in this manner will ensure that the generated keys will be
random and that the process used for their construction will be compatible with FIPS 140-1
requirements. Continuous random number testing is performed on the output of the hardware
RNG (in the Fastmap chip) as well as on the output of the FIPS-approved ANSI X9.17 PRNG
which is seeded by the RNG. For both continuous tests, the block size of 64 bits.

10.2 Key Storage

Private keys, symmetric keys and other critical security parameters will be stored in plaintext
within the security envelope in RAM. Private and symmetric keys may also be stored in Flash,
but only when first 3DES3KEY encrypted with the Master Key (MK) of the board. BBRAM is
used to store the Master Key.

10.3 Key Entry and Output

When in the FIPS 140-1 mode, private keys and symmetric keys can only cross the
cryptographic boundary when 3DES3KEY encrypted with a Key-Wrapping-Key. The Key-
Wrapping-Key is generated when the " Generate Key" command is received by the HSM. The
command that is used to encrypt and output a private or symmetric key is the "Wrap Key"
command. The command that is used to enter and decrypt a private or symmetric key is the
"Unwrap Key" command.

10.4 Key Distribution

To distribute a Key-Wrapping-Key between devices, it is split into two parts. The two parts,
when exclusively ORed together, generate the Key-Wrapping-Key. The key splitting occurs
when the "Write Key Split" command is first issued by the Security Officer. This command will
cause one of the key parts to be written to an iKey controlled by the Security Officer. The
second key part is written to an iKey controlled by the User. The Security Officer must logout
234
User Guide
Comments? infodev@avaya.com
April 2013

Advertisement

Table of Contents
loading

Related Manuals for Avaya VPN Gateway

Related Content for Avaya VPN Gateway

This manual is also suitable for:

3050-vmAvg 3050-vm3070-vmAvg 3070-vm3090-vmAvg 3090-vm

Table of Contents