Module Name
nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
Historical Reason
Moved to historical list in accordance with SP800-131A Revision 1 Transition (AES/TDES key wrapping)
Caveat
When operated in FIPS mode and initialized to Overall Level 2 per Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: Level 3 +EFP
- EMI/EMC: Level 3
- Design Assurance: Level 3
Embodiment
Multi-chip embedded
Description
The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed.
Approved Algorithms
AES |
Cert. #1579 |
CVL |
Cert. #1 |
DRBG |
Cert. #72 |
DSA |
Cert. #487 |
ECDSA |
Cert. #192 |
HMAC |
Cert. #925 |
RSA |
Certs. #770 and #1092 |
SHS |
Cert. #1398 |
Triple-DES |
Certs. #132 and #1035 |
Triple-DES MAC |
Triple-DES Cert. #1035, vendor affirmed |
Other Algorithms
ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA;
HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption
strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption
strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength);
Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of
encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112
and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256
bits of encryption strengh; non-compliant less than 112 bits of encryption strength)
Hardware Versions
nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N
Firmware Versions
2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2