Module Name
Entrust Security Kernel Version 7.0
Historical Reason
Validation Sunsetting Policy - FIPS 140-1 Certificate
Caveat
When operated in FIPS mode
Security Level Exceptions
- Roles and Services: Level 2*
- EMI/EMC: Level 3
- Key Management: Level 2*
- Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C3-2-rated on a Compaq ProLiant 7000 Server
- *When operated in the FIPS mode
Embodiment
Multi-chip standalone
Description
The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via Cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki.
Approved Algorithms
- AES: Cert. #10
- DSA/SHA-1: Cert. #10
- HMAC-SHA-1: Cert. #10, vendor affirmed
- RSA: PKCS #1, vendor affirmed
- Triple-DES: Cert. #6
Other Algorithms
DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RIPEMD-160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (vendor affirmed; non-compliant)