Module Name
DocuSign HSM Appliance
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
DocuSign HSM Appliance is a high-performance cryptographic service provider. It performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities.
Approved Algorithms
| AES |
Certs. #C1160 and #C1161 |
| CKG |
vendor affirmed |
| CVL |
Cert. #C1160 |
| DRBG |
Certs. #98 and #C1161 |
| ECDSA |
Cert. #C1161 |
| HMAC |
Certs. #C1160 and #C1161 |
| KTS |
AES Cert. #C1160 and HMAC Cert. #C1160 |
| KTS |
AES Cert. #C1161 and AES Cert. #C1161; key establishment methodology provides 128 bits of encryption strength |
| RSA |
Cert. #C1161 |
| SHS |
Certs. #1465, #C1160 and #C1161 |
| Triple-DES |
Cert. #C1161 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
