Module Name
Thales Luna G7 Cryptographic Module
Caveat
Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.2 of the Security Policy
Security Level Exceptions
- Operational environment: N/A
- Non-invasive security: N/A
- Mitigation of other attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Thales Luna G7 Cryptographic Module is a standalone hardware security module in the form of a USB device. The cryptographic module is contained in its own secure enclosure, which provides physical resistance.
Allowed Algorithms
KAS-ECC-SSC Cert #A2125 (ephemeralUnified, fullUnified, onePassDH When using Non-NIST curves and allowances from FIPS 140-3 IG C.A, Use of Non-approved elliptic curves.; Derive key from existing partition secret or private key object);KTS (AES Cert. #C2020) (Key unwrapping: key establishment methodology provides between 128 and 256 bits of encryption strength. Uses allowances in FIPS 140-3 IG D.G, Key transport methods, for key unwrapping using un-authenticated modes of encryption listed on Cert #C2020 without use of an additional approved hash function.; Clone SMK between partitions, Import secret or private key using key wrapping. Legacy Unwrapping);KTS (Triple-DES Cert #C2020) (Key unwrapping: key establishment methodology provides 112 bits of encryption strength. Uses allowances in FIPS 140-3 IG D.G, Key transport methods, for key unwrapping using un-authenticated modes of encryption listed on Cert #C2020 without use of an additional approved hash function.; Import secret or private key using key wrapping. Legacy Unwrapping)
Hardware Versions
808-000080-001, 808-000080-002, 808-000064-005, 808-000064-006
Firmware Versions
7.7.3 with bootloader versions 1.3.0, 1.5.0 and 1.6.0
