Module Name
MiniHSM, MiniHSM for nShield Edge F3, and MiniHSM for Time Stamp Master Clock
Historical Reason
SP 800-131A transition which disallows key wrapping not compliant to SP 800-38F.
Caveat
When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
The MiniHSM, MiniHSM for nShield Edge F3 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine.
Approved Algorithms
AES |
Cert. #3419 |
CVL |
Cert. #515 |
DRBG |
Cert. #824 |
DSA |
Cert. #963 |
ECDSA |
Cert. #686 |
HMAC |
Cert. #2177 |
KBKDF |
Cert. #57 |
KTS |
AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Cert. #1751 |
SHS |
Cert. #2825 |
Triple-DES |
Cert. #1930 |
Triple-DES MAC |
Triple-DES Cert. #1930, vendor affirmed |
Other Algorithms
ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Hardware Versions
nC4031Z-10, nC4031U-10 and TSMC200, Build Standard N
Firmware Versions
2.61.1-3