Module Name
REDCOM Encryption 140-2
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3080.
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
REDCOM Encryption 140-2 is a FIPS 140-2 validated cryptographic engine for Java and Android based environments. The engine delivers core cryptographic functions including Suite B algorithms. Also, it offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.
Tested Configuration(s)
- Android 7.0 on a Samsung Galaxy S8 (single-user mode)
- Tested as meeting Level 1 Android 6.0 on a Samsung Galaxy S7 edge
Approved Algorithms
HMAC (Cert. #3614 |
|
AES |
Cert. #5457 |
CKG |
vendor affirmed |
CVL |
Certs. #1904, #1905, #1906 and #1907 |
DRBG |
Cert. #2140 |
DSA |
Cert. #1404 |
ECDSA |
Cert. #1457 |
KAS |
Cert. #181 |
KAS |
SP 800-56Arev2, vendor affirmed |
KBKDF |
Cert. #216 |
KTS |
AES Cert. #5457; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
SP800-56B, vendor affirmed |
KTS |
Triple-DES Cert. #2744; key establishment methodology provides 112 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Cert. #2930 |
SHA-3 |
Cert. #47 |
SHS |
Cert. #4377 |
Triple-DES |
Cert. #2744 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)