Module Name
nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
Historical Reason
SP 800-131A transition which disallows key wrapping not compliant to SP 800-38F.
Caveat
When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
The nShield modules: nShield F2 10e, nShield F2 500e, nShield F2 1500e, nShield F2 6000e are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed.
Approved Algorithms
AES |
Certs. #3420 and #3446 |
CVL |
Certs. #516 and #532 |
DRBG |
Cert. #825 |
DSA |
Cert. #964 |
ECDSA |
Cert. #695 |
HMAC |
Cert. #2178 |
KBKDF |
Cert. #56 |
KTS |
AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Cert. #1752 |
SHS |
Cert. #2826 |
Triple-DES |
Cert. #1931 |
Triple-DES MAC |
Triple-DES Cert. #1931, vendor affirmed |
Other Algorithms
ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Hardware Versions
nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3023E-010, Build Standard N
Firmware Versions
2.61.2-2