Module Name
Chrysalis-ITS K3 Cryptographic Engine
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode
Security Level Exceptions
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- Cryptographic Key Management: Level 3
- Self-Tests: Level 3
- Mitigation of Other Attacks: Level 3
Embodiment
Multi-chip embedded
Description
The K3 Chrysalis-ITS Cryptographic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card.
Approved Algorithms
| AES |
Cert. #41 |
| DSA |
Cert. #51 |
| HMAC-SHA-1 |
Cert. #64, vendor affirmed |
| RSA |
FIPS 186-2 and PKCS #1, vendor affirmed |
| SHA-1 |
Cert. #64 |
| Triple-DES |
Cert. #73 |
| Triple-DES MAC |
Triple-DES Cert. #73, vendor affirmed |
Other Algorithms
DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; Diffie-Hellman 1024 (non-compliant); CAST MAC; CAST3 MAC; CAST5 MAC; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5 MAC
Hardware Versions
2.0, 3.0 and 4.0
