[Cscwg-public] Re FIPS tokens supporting RSA 3072
adriano.santoni at staff.aruba.it
Fri Mar 26 13:25:37 UTC 2021
I also am aware of 4-5 suppliers of USB crypto tokens supporting RSA
3072, regardless of FIPS or CC. That is not the problem I raised.
My concern is that §16.3, point 2, of the CSBR is ambiguous (to me) as
to what is supposed to be "certified" (either FIPS or CC):
> A hardware crypto module with a unit design form factor certified as
> conforming to at least FIPS 140 Level 2, Common Criteria EAL 4+, or
This is likely my fault, but I am not clear what "unit design form
factor" exactly means, and I would appreciate very much anybody pointing
me to any FIPS or CC certification reports wherein this term is used.
As far as I know, a "form factor" is the particular design, shape,
assembly and wiring of a functionally self-contained electronic
component, such as a PCB including microchip(s) and other auxiliary
A crypto device is like an onion, being comprised of:
* *hardware platform* (a microcontroller, tipically including a crypto
* *card operating system* (COS), which can either be either mono- or
multi-application (e.g. Javacard);
* where applicable, an *applet*. If the COS is multi-application, a
suitable PKI application (mostly referred to as "applet") must be
installed into the chip at the production plant, for the device to
be usable. A multi-app COS, such as the Javacard platform, does not
expose by itself any crypto and key management functionalities in a
way that's usable by the host: a suitable Java applet is needed,
supporting specific commands (APDUs), a specific file system,
specific PKCS11/CSP object attributes, enforcing a specific set of
security principles, etc.
* a case with I/O and power supply contacts
Where the device is Javacard based, the security of the whole device
critically depends on the design of the PKI applet, that's why
Javacard-based devices designed for specific usages (e..g. digital
signatures) always require this applet to be certified as well (not just
the COS). Would we be happy to use a Javacard-based device running an
applet that nobody has ever verified to be actually secure? Of course we
may, if that's what the WG believes to be the way to go.
But what does it mean for the "hardware crypto module" to be either FIPS
or CC certified ? Does it mean that at least the hardware platform (the
microchip) must be certified? In this case we have plenty microchips on
the market meeting this requirement. Does it mean that the COS must
(also) be certified? In this case we have a lesser number of suitable
choices, but still comfortable. Or, does it mean that the applet must
(also) be certified? In this case, we have a very small choice, to date.
My understanding from the last CSWG call, is that some of the WG members
believe it to be sufficient that the COS be certified (or even just the
HW?). IMO, this is not clear from the current CSBR language. I would
suggest to drop the "unit design form factor" term, and specify instead
that the hardware crypto module must be based on a FIPS or CC certified
COS (if this is the desired interpretation). Let me clarify that I would
not object to this choice, if the WG believes is the right one.
I am not trying to play the "purist", just trying to raise attention and
get explanations on some aspects that are not clear to me at this time.
How about adding to the CSBR the definitions of these two terms in
section 4 ?
* hardware crypto module
* unit design form factor
Il 26/03/2021 12:37, Inigo Barreira ha scritto:
> Hi Adriano,
> Sorry for jumping late here but I´m restarting with the CABF issues
> and am still in the process L
> Regarding your question, we can differentiate between those
> USB&smartcards and the HSMs. So, for the first, we´ve found some
> others, but it´s true that there are not many but we´re aware of 3-4
> additional providers. In the HSM space, I see no problems.
> *From:*Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of
> *Adriano Santoni via Cscwg-public
> *Sent:* miércoles, 17 de marzo de 2021 16:08
> *To:* cscwg-public at cabforum.org
> *Subject:* [Cscwg-public] Re FIPS tokens supporting RSA 3072
> CAUTION: This email originated from outside of the organization. Do
> not click links or open attachments unless you recognize the sender
> and know the content is safe.
> I already posted this question yesterday, but apparently it did not
> get through.
> I was asking: is the SafeNet eToken 5110 CC the only FIPS token
> supporting RSA 3072 available on the market?
> I am investigating this matter myself, and although I am not finished
> it seems there aren't many... possibly just one.
> If so, it would be a rather unfortunate situation competition-wise.
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4557 bytes
Desc: Firma crittografica S/MIME
More information about the Cscwg-public