Modes Of Operation (Area 1); Approved Algorithms; Non-Approved Algorithms - Sun Microsystems Sun StorageTek T9840D Security Manual


Sun Microsystems
Security Requirements Section | Level
Self-Tests | 1
Design Assurance | 1
Mitigation of Other Attacks | N/A

3 Modes of Operation (Area 1)

3.1 Approved Algorithms

Once configured per the procedures as defined in Section 3.4 the module is only able to operate in a FIPS 140-2 Approved Mode of operation. Within the FIPS 140-2 Approved Mode of operation the following Approved algorithms are available:

- AES CCM supporting 256-bit keys in both hardware (AES Certificate # 495) and firmware (AES Certificate # 1063)
- AES ECB encryption (AES Certificate # 1059) as used in CCM encryption in firmware (AES Certificate # 1063)
- RSASSA-PKCS1-v1_5 supporting 2048-bit keys (RSA Certificate # 503) for digital signature verification (firmware load test)
- HMAC SHA-1 (HMAC Certificate # 597) to create the challenge response as part of the certificate service of the KMS 2.x Agent Toolkit.
- SHA-1 (SHS Certificate # 1005) for the following:
  - as part of digital signature verification for the firmware
  - as part of HMAC-SHA-1 (HMAC certificate # 597)
  - for hashing passwords used for authentication
- AES ECB (AES Certificate # 1060) supporting 256-bit keys. Used as part of the AES Key Wrap algorithm to securely establish keying material.
- SP 800-90 CTR DRBG (DRBG Certificate # 11) for generating random numbers used for nonce values and cryptographic keys
- AES CTR (AES Certificate # 1061) as part of the SP 800-90 CTR DRBG.
- AES CBC mode with 256-bit key (AES Certificate # 1062), used within TLS session between ETD and KMS 2.x.
- HMAC-SHA-1 (HMAC Certificate # 598) with 160-bit key used to protect the integrity of TLS communications between the ETD and KMS 2.x.
- SHA-1 (SHS Certificate #1006)
  - as part of the TLS Key Derivation Functionality
  - as part of HMAC SHA-1 (HMAC Certificate # 598)

3.2 Non-Approved Algorithms

The cryptographic module supports the following Non-Approved algorithms that are allowed for use within FIPS Approved mode:

- MD5 as used within the TLS1.0 Key Derivation Function. (see [TLS1.0])
- AES Key Wrap (AES Certificate #1060) used to securely establish media keys (Vendor Affirmed,

Feb 5, 2010
Sun StorageTek™ T9840D Tape Drive Security Policy
Level
1
1
N/A
Part 316055201, Rev: AA
Page 6
