Module Name
nShield 5s Hardware Security Module
Caveat
When installed, initialized and configured as specified in Section 11.3 of the Security Policy
Security Level Exceptions
- Operational environment: N/A
- Non-invasive security: N/A
- Mitigation of other attacks: N/A
- Documentation requirements: N/A
- Cryptographic module security policy: N/A
Embodiment
Multi-Chip Embedded
Description
The nShield 5s PCIe Hardware Security Module (HSM) is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing.
Approved Algorithms
Safe Primes Key Generation
Safe Primes Key Verification
Allowed Algorithms
ECDSA (Cert. #A2513) (when used with non-approved Brainpool elliptic curves P224r1/P224t1, P256r1/P256t1, P320r1/P320t1, P384r1/P384t1 and P512r1/P512t1; Key generation Signature generation and verification);KAS-ECC (Cert. #A2513) (when used with non-approved Brainpool elliptic curves P224r1/P224t1, P256r1/P256t1, P320r1/P320t1, P384r1/P384t1 and P512r1/P512t1; Key establishment)
Hardware Versions
PCA10005-01 revision 03 and 04
Firmware Versions
primary-version 13.2.4; recovery-version 13.2.4; uboot-version 1.1.0