[cabfpub] Cryptographic module requirement in 6.2.7

Ryanne Fox ryanne at godaddy.com
Mon Feb 29 16:12:23 UTC 2016


On 2/26/16, 5:59 PM, "public-bounces at cabforum.org on behalf of Peter Bowen" <public-bounces at cabforum.org on behalf of pzb at amzn.com> wrote:

>Last month, the NIST SP800-131A provision on RNGs went into effect.  This provision essentially says that all cryptographic modes are required to use one of these CSPRNG/DRBGs: HASH_DRBG, HMAC_DRBG and CTR_DRBG.
>This has resulted in NIST moving many existing cryptographic modules into a “historical category” (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-historical.htm)
>BR 6.2.7 says:
>"Private Key Storage on Cryptographic Module 
>The CA SHALL protect its Private Key in a system or device that has been validated as meeting at least FIPS 140 level 3 or an appropriate Common Criteria Protection Profile or Security Target, EAL 4 (or higher), which includes requirements to protect the Private Key and other assets against known threats.”
>Given this requirement and the move to historical of many HSMs:
>1) Is a device listed as “historical” suitable for continued CA key protection for keys already on the device?

From that NIST page, "This does not mean that the overall FIPS-140 certificate has been revoked, rather it indicates that the certificate and the documentation posted with it do not accurately reflect how the module can be used in FIPS mode." IMO, yes, it is still suitable for private key storage. I believe that using an RNG besides HASH_DRBG, HMAC_DRBG and CTR_DRBG is considered non-FIPS, FWIW.

>2) Is a device listed as “historical” suitable for CA key protection for newly generated keys?

IMO, from reading 1), yes. 

>3) Must a device used for CA key protection be configured in “FIPS mode”?

I’ve always heard so, and believe my auditors have asked for verification of this in the past.

>4) Are there any requirements about algorithm validation, such as a requirement that the algorithm used for the keys be listed in the "FIPS Approved algorithms” list for the device and/or have a CAVP certificate?

My HSM vendor disables non-FIPS algorithms in FIPS mode. I’d expect that BR 6.2.7 would mean generated keys SHALL be generated with a FIPS Approved algorithm.

