Cryptographic algorithms
Symmetric algorithms
| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by |
|---|---|---|---|---|
| AES | Y | Y | AES or Rijndael | Y |
| Arcfour | N | N | Arcfour | N |
| ARIA | N | N | Aria | N |
| Camellia | N | N | Camellia | N |
| CAST 256 | N | N | CAST256 | N |
| DES | N | N | DES | N |
| DES2 | Y | N | DES2 | Y |
| Triple DES | Y | N [1] | Triple DES | Y |
| MD5 HMAC | N | N | HMACMD5 | N |
| RIPEMD160 HMAC | N | N | HMACRIPEMD160 | N |
| SEED | N | N | SEED | N |
| SHA-1 HMAC | Y | Y | HMACSHA1 | Y |
| SHA-224 HMAC | Y | Y | HMACSHA224 | N |
| SHA-256 HMAC | Y | Y | HMACSHA256 | Y |
| SHA-384 HMAC | Y | Y | HMACSHA384 | Y |
| SHA-512 HMAC | Y | Y | HMACSHA512 | Y |

[1] Not FIPS 140 approved for encryption operations, but available for decryption operations.
Asymmetric algorithms
| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World [1] | Key type | Supported by |
|---|---|---|---|---|
| Diffie-Hellman | Y | Y | DH or DHEx | Y |
| DSA | Y | Y | DSA | Y |
| ECDH | Y [2] | Y [2] | ECDH or EC [3] | Y |
| ECDSA | Y [4] | Y [4] | ECDSA or EC | Y |
| ECIES | N | N | ECDH or EC | N |
| Ed25519 | N | N | Ed25519 | Y |
| Ed448 | N | N | Ed448 | N |
| ElGamal | Y | Y | DH | Y |
| KCDSA | N | N | KCDSA | N |
| RSA | Y | Y | RSA | Y |
| X25519 | N | N | X25519 | Y |

[1] Some insecure key sizes are not FIPS 140 approved.

[2] FIPS 140 approval is only for use with ECDH keys, not with EC keys, but see note 3 for an exception.

[3] FIPS 140 allows an EC key to be used as an ECDH key for a single use case. In this use case, an ECDH key is allowed to perform a single signing of a Certificate Signing Request (CSR), so that a certificate for the ECDH key can be generated.

[4] FIPS 140 approval is only for use with ECDSA keys, not with EC keys.
FIPS information
In a FIPS 140 Level 3 Security World, the nShield HSM only supports FIPS-approved algorithms and key sizes.
- If you have a FIPS 140 Level 3 Security World and have any protocols that use algorithms not approved by FIPS, you have the following options:
  - If you need to use these non-approved algorithms, you can migrate to a non-FIPS Security World but continue to use hardware and firmware validated for FIPS 140 Level 3.
  - If you have strict FIPS 140 Level 3 requirements, you must replace your protocols to use approved algorithms.
- If you have a FIPS 140 Level 3 Security World and have existing long-term keys for unapproved algorithms, you have the following options:
  - Migrate to a non-FIPS Security World but continue to use hardware and firmware validated for FIPS 140 Level 3.
  - Replace the keys with approved keys before upgrading to the current firmware. Keys for unapproved algorithms are incompatible with this Security World.

To obtain more details on the specific algorithms that are FIPS approved for use in the HSM, refer to the nShield Security Policy for the particular FIPS CMVP certified nShield product that you are using.
For the FIPS CMVP certificates for nShield products, see https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search. The FIPS CMVP certificate links to the Security Policy.
Compatibility of Security World versions with FIPS
To comply with the latest FIPS cryptographic transitions, Security World v3 was introduced in firmware version 12.50. If an nShield HSM is upgraded to use firmware version 12.50 or later, any v2 Security Worlds using the HSM that were compliant with FIPS 140 Level 3 will no longer be compliant.
You can create a v3 Security World that is compliant with FIPS 140 Level 3 from a host server if you meet the following criteria:
- The host server is running Security World host-side software version 12.50 or later.
- The HSM is running firmware version 12.50 or later.

Your solution is only FIPS 140 compliant if you are running the exact firmware version that has been FIPS 140 certified.