Module Name
Thales CipherTrust Manager Core Security Module
Caveat
When installed, initialized and configured as specified in Section 10 of the Security Policy. When operated in FIPS mode. No assurance of the minimum strength of generated keys.
Security Level Exceptions
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The module provides secure key generation and protection for symmetric keys and asymmetric key pairs, along with support for a broad range of other cryptographic services. Access to the services offered by the Thales CipherTrust Manager Core Security Module is exclusively through a number of Application Programming Interfaces (APIs) that the module itself exposes. These APIs can be accessed by other applications running inside the physical boundary of the module or, in some instances, by remote clients over dedicated TLS tunnels.
Tested Configuration(s)
- Ubuntu 18.04 on VMware ESXi 6.5 running on an HPE P11782-001 platform with Intel Xeon Gold 6252 with PAA
- Ubuntu 18.04 on VMware ESXi 6.5 running on an HPE P11782-001 platform with Intel Xeon Gold 6252 without PAA
- Ubuntu 18.04 running on an AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 with PAA
- Ubuntu 18.04 running on an AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 without PAA
- Ubuntu 18.04 running on an AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 with PAA
- Ubuntu 18.04 running on an AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 without PAA
Approved Algorithms
| AES | Certs. #A1778, #A1779, #A2634 and #A2635 |
| CKG | vendor affirmed |
| CVL | Cert. #A1779 |
| DRBG | Cert. #A1779 |
| ECDSA | Certs. #A1779 and #A2634 |
| ENT | P |
| HMAC | Certs. #A1779 and #A2634 |
| KAS-SSC | Certs. #A1779 and #A2634 |
| KDA | Cert. #A1779 |
| KTS | AES Certs. #A1778 and #A1779; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS | AES Certs. #A1778 and #A1779 and HMAC Cert. #A1779; key establishment methodology provides 128 bits of encryption strength |
| KTS | AES Certs. #A2634 and #A2635 and HMAC Cert. #A2634; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS-RSA | Cert. #A1779; key establishment methodology provides between 112 and 150 bits of encryption strength |
| PBKDF | Cert. #A1779 |
| RSA | Cert. #A1779 |
| SHA-3 | Cert. #A1779 |
| SHS | Certs. #A1779 and #A2634 |
| Triple-DES | Certs. #A1779 and #A2634 |
Allowed Algorithms
RSA (Key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)