Module Name
Luna® PCI 7000 Cryptographic Module
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode and configured to Overall Level 3 per Security Policy
Embodiment
Multi-chip embedded
Description
Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities.
Approved Algorithms
| AES |
Certs. #510 and #1904 |
| DSA |
Cert. #600 |
| ECDSA |
Cert. #269 |
| HMAC |
Cert. #1142 |
| KAS |
Cert. #29 |
| KBKDF |
vendor affirmed |
| RNG |
Cert. #998 |
| RSA |
Certs. #974 and #975 |
| SHS |
Cert. #1671 |
| Triple-DES |
Certs. #520 and #1236 |
| Triple-DES MAC |
Triple-DES Certs. #520 and #1236, vendor affirmed |
Other Algorithms
DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)
Hardware Versions
VBD-03-0100
