Module Name
Skyhigh Security OpenSSL Module
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Skyhigh Security OpenSSL Module provides FIPS validated cryptographic services for Skyhigh Security products.
Tested Configuration(s)
- macOS 12.2.1 running on Apple MacBook Pro with Intel ® Core ™ i7-7920HQ with PAA
- macOS 12.2.1 running on Apple MacBook Pro with Intel ® Core ™ i7-7920HQ without PAA
- McAfee Linux 3.8.0 on VMware ESXi 6.7.0 running on Intel (R) Taylor Pass 2U Xeon (R) DP Quad Board Server with Intel ® Xeon ® E5-2699 with PAA
- McAfee Linux 3.8.0 on Vmware ESXi 6.7.0 running on Intel ® Taylor Pass 2U Xeon® DP Quad Board Server with Intel ® Xeon ® E5-2699 without PAA
- SUSE Linux 15 SP3 Enterprise on Vmware ESXi 6.7.0 running on Intel ® Taylor Pass 2U Xeon ® DP Quad Board Server with Intel ® Xeon ® E5-2699 with PAA
- SUSE Linux 15 SP3 Enterprise on Vmware ESXi 6.7.0 running on Intel ® Taylor Pass 2U Xeon DP Quad Board Server with Intel ® Xeon ® E5-2699 without PAA (single-user mode)
- Ubuntu 20.04.03 LTS running on Dell PowerEdge R720xd with Intel ® Xeon ® E5-2620 with PAA
- Ubuntu 20.04.03 LTS running on Dell PowerEdge R720xd with Intel ® Xeon ® E5-2620 without PAA
- Windows 10 Enterprise 20H2 32-bit running on HP EliteBook 860 G3 with Intel ® Core ™ i5-6300U with PAA
- Windows 10 Enterprise 20H2 32-bit running on HP EliteBook 860 G3 with Intel ® Core ™ i5-6300U without PAA
- Windows Server 2019 H2 64-bit on Vmware ESXi 6.7.0 running on Intel ® Taylor Pass 2U Xeon ® DP Quad Board Server with Intel ® Xeon ® E5-2699 with PAA
- Windows Server 2019 H2 64-bit on Vmware ESXi 6.7.0 running on Intel ® Taylor Pass 2U Xeon ® DP Quad Board Server with Intel ® Xeon ® E5-2699 without PAA
Approved Algorithms
AES |
Certs. #A2366 and #A3012 |
CKG |
vendor affirmed |
CVL |
Cert. #A2366 |
DRBG |
Cert. #A2366 |
DSA |
Cert. #A2366 |
ECDSA |
Cert. #A2366 |
HMAC |
Cert. #A2366 |
KAS |
KAS-SSC Cert. #A2366, CVL Cert. #A2366 |
KAS-SSC |
Cert. #A2366 |
KTS |
AES Cert. #A2366; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
AES Cert. #A2366 and HMAC Cert. #A2366; key establishment methodology provides between 128 and 256 bits of encryption strength |
PBKDF |
Cert. #A2366 |
RSA |
Certs. #A2366 and #A3012 |
SHA-3 |
Cert. #A2366 |
SHS |
Cert. #A2366 |
Allowed Algorithms
RSA (key wrapping; key establishment methodology provides between112 and 256 bits of encryption strength)