Module Name
ISC Cryptographic Development Kit (CDK)
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The CDK is a software module. The physical embodiment of the computer hardware on which it runs is a "multi-chip standalone module" in FIPS 140-2 terminology. The "physical cryptographic boundary" is defined to be the entire computer on which the CDK software runs. As a software module, the "logical boundary" contains the software modules that comprise the CDK shared link library.
Tested Configuration(s)
- CentOS 6.7 (64-bit) running on Intel Core i7 with PAA
- CentOS 6.7 (64-bit) running on Intel Core i7 without PAA
- Microsoft Windows 10 (64-bit) running on AMD A8-3850 without PAA
- Microsoft Windows 10 (64-bit) running on Intel Core i7 with PAA
- Microsoft Windows 10 (64-bit) running on Intel Core i7 without PAA (single-user mode)
Approved Algorithms
| AES |
Cert. #4002 |
| CVL |
Certs. #831, #832, #853 and #854 |
| DRBG |
Cert. #1192 |
| DSA |
Cert. #1090 |
| ECDSA |
Cert. #892 |
| HMAC |
Cert. #2615 |
| KAS |
Cert. #85 |
| KTS |
AES Cert. #4002; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA |
Cert. #2065 |
| SHA-3 |
Cert. #4 |
| SHS |
Cert. #3307 |
| Triple-DES |
Cert. #2197 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #853, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
