Module Name
FCAT Wallet Vault Cryptographic Module
Caveat
When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Security Level Exceptions
- Physical security: N/A
- Non-invasive security: N/A
- Mitigation of other attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The FCAT Wallet Vault Cryptographic Module is implemented within the secure context of the FCAT hardware wallet platform. The FACT Wallet is built atop the ProvenCore EAL7-certified secure OS developed by ProvenRun and operates in conjunction with a hardened version of the OpenSSL FIPS-compliant cryptographic library. The module offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, and message authentication; support for key establishment functions to secure data-at-rest and data-in-flight for the larger FCAT Wallet platform, which includes cryptographic functions supporting user-facing wallet GUI application.
Tested Configuration(s)
- Debian 9 running on a Dell PowerEdge R440 with an Intel® Xeon Silver 4214R with PAA
- Debian 9 running on a Dell PowerEdge R440 with an Intel® Xeon Silver 4214R without PAA
Allowed Algorithms
AES (Cert. A4978, key unwrapping. Per IG D.G.; Symmetric key unwrapping);RSA ( Cert. A4978, key unencapsulation. Per IG D.G.; Asymmetric key unencapsulation);SHA-1 ( Cert. A4978, secure hashing.; Digital signature generation in TLS v1.0/1.1);Triple-DES ( Cert. A4978, key unwrapping. Per IG D.G.; Symmetric key unwrapping)
