Module Name
Thales Luna K7 Cryptographic Module
Caveat
When operated in FIPS mode and initialized to Overall Level 3 per Security Policy.
Embodiment
Multi-Chip Embedded
Description
The Thales Luna K7 Cryptographic Module is a high-assurance, tamper-resistant Hardware Security Module which secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security. The module meets compliance and audit needs for FIPS 140, HIPAA, PCI-DSS, eIDAS, GDPR.
Approved Algorithms
AES |
Certs. #C1707 and #C1718 |
CKG |
vendor affirmed |
CVL |
Certs. #A480, #C1707, #C1717, #C1718 and #C1719 |
DRBG |
Cert. #C1707 |
DSA |
Certs. #C1707 and #C1718 |
ECDSA |
Certs. #C1707 and #C1718 |
HMAC |
Certs. #C1707 and #C1718 |
KAS |
Cert. #A480; key establishment methodology provides 256 bits of encryption strength |
KAS |
KAS-SSC Certs. #A478 and #A480, KDA Cert. #A480, CVL Cert. #A480; key establishment methodology provides between 128 and 256 bits of encryption strength |
KAS-RSA |
Certs. #A478, #A479, #A480 and #A481; key establishment methodology provides 150 bits of encryption strength |
KAS-SSC |
Certs. #A478 and #A480 |
KBKDF |
Cert. #C1707 |
KDA |
Cert. #A480 |
KTS |
AES Certs. #C1707 and #C1718; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS-RSA |
Certs. #A478, #A479, #A480 and #A481; key establishment methodology provides between 112 and 150 bits of encryption strength |
PBKDF |
Cert. #A480 |
RSA |
Certs. #A478, #A479, #A480, #A481, #C1701, #C1707, #C1717, #C1718 and #C1719 |
SHS |
Certs. #C1701, #C1707 and #C1718 |
Triple-DES |
Cert. #C1707 |
Allowed Algorithms
AES (Cert. #C1707, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Certs. #C1707, #C1717, #C1718 and #C1719, key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Triple-DES (Cert. #C1707, key unwrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
808-000048-002, 808-000048-003, 808-000066-001, 808-000073-001, 808-0000073-002
Firmware Versions
7.7.0, 7.7.1 or 7.7.1-20 with Boot Loader versions 1.1.1, 1.1.2, 1.1.4 or 1.1.5