Module Name
MiniHSM, MiniHSM for nShield Edge F2, and MiniHSM for Time Stamp Master Clock
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
The MiniHSM, MiniHSM for nShield Edge F2 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine.
Approved Algorithms
AES |
Cert. #3419 |
CVL |
Cert. #515 |
DRBG |
Cert. #824 |
DSA |
Cert. #963 |
ECDSA |
Cert. #686 |
HMAC |
Cert. #2177 |
KBKDF |
Cert. #57 |
KTS |
AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Cert. #1751 |
SHS |
Cert. #2825 |
Triple-DES |
Cert. #1930 |
Triple-DES MAC |
Triple-DES Cert. #1930, vendor affirmed |
Other Algorithms
ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (key wrapping; non-compliant)
Hardware Versions
nC4031Z-10, nC3021U-10, and TSMC200, Build Standard N
Firmware Versions
2.61.1-2 and 2.62.1-2