|
Home > |
|---|
Under FIPS 186-3/4, the only RSA methods permitted for generating keys are 186-3 with primes and 186-3 with aux primes. This means that RSA PKCS and X9.31 key generation is no longer approved for operation in a FIPS-compliant HSM. Firmware version 6.2.1 and older supported only PKCS and X9.31, and these were allowed in FIPS mode. Firmware versions 6.10 through 6.21 provide the newer mechanisms, and allow both older and newer mechanisms in FIPS mode. Firmware versions 6.22.0 and newer do not allow PKCS and X9.31 in FIPS mode.
| Firmware Version | Supported Mechanisms | FIPS-mode Allowed Mechanisms |
|---|---|---|
| fw <= 6.2.1 | PKCS, X9.31 | PKCS, X9.31 |
| 6.10 <= fw <= 6.21 | PKCS, X9.31, 186-3 with primes, 186-3 with aux primes | PKCS, X9.31, 186-3 with primes, 186-3 with aux primes |
| fw >= 6.22.0 | PKCS, X9.31, 186-3 with primes, 186-3 with aux primes | 186-3 with primes, 186-3 with aux primes |
Two configuration settings are available in the Chrystoki.conf (Linux/UNIX) or Crystoki.ini (Windows) configuration file installed with SafeNet HSM Client, to deal with calls to newer-firmware HSMs for outdated mechanisms, or calls to older-firmware HSMs for newer mechanisms that they do not support. The configuration settings control redirecting or mapping of mechanism calls.
Under the configuration file's [Misc] section, RSAKeyGenMechRemap can be set to 0 or 1.
•When RSAKeyGenMechRemap is set to 0 (the default) and firmware version is 6.10.x or greater, no re-mapping is performed.
•When RSAKeyGenMechRemap is set to 1 and firmware version is 6.10.x or greater, the following re-mapping occurs:
–PKCS Key Gen --> 186-3 Prime key gen
–X9.31 Key Gen --> 186-3 Aux Prime key gen
Note: This setting is intended for older applications, allowing them to continue to call outdated mechanisms, but have the calls redirected to newer, equivalent, FIPS-acceptable mechanisms, while your software development or integration catches up.
The following table summarizes the possible combinations, for firmware versions that are supported in SafeNet HSM 6.0 and later.
| Firmware version | State of RSAKeyGen MechRemap |
Action in your application | Result | |
|---|---|---|---|---|
| 6.2.x | N/A | N/A |
•RSAKeyGenMechRemap has no effect |
|
| 6.10- through-6.21 | 0 |
Call PKCS Key Gen or X9.31 Key Gen |
•PKCS Key Gen or X9.31 Key Gen is called and runs as requested •redirect is not set, and does not occur |
|
| 1 |
•call is redirected and 186-3 Prime key gen or 186-3 Aux Prime key gen is run |
|||
| 0 |
Call 186-3 Prime key gen or 186-3 Aux Prime key gen |
•either set of mechanisms is available •186-3 Prime key gen or 186-3 Aux Prime key gen is run as requested |
||
| 1 |
•either set of mechanisms is available •186-3 Prime key gen or 186-3 Aux Prime key gen is run as requested |
|||
| 6.22.0 or newer | 0 |
Call PKCS Key Gen or X9.31 Key Gen |
•Error message; old mechanism does not exist and no redirect is indicated [see Note 1] |
|
| 1 |
•old mechanisms do not exist in FIPS mode; new ones exist •call is redirected and 186-3 Prime key gen or 186-3 Aux Prime key gen is run |
|||
| Note 1: Calling an unsupported mechanism, where no redirect is in place, yields error CKR_MECHANISM_INVALID | ||||
|
Note 2: If RSA-PKCS keys or X9.31 keys were previously created by an older firmware version, and firmware is updated to version 6.22.0, then : •keys of size 2048 or 3072 bits can still be used for sign and verify operations •keys of size 1024-up-to-4096 bits can be used to verify existing signatures, only. •when FIPS186-4 with SP800-131A is applied, it disallows RSA 4096-bit keys for signing |
||||
1.CKM_RSA_PKCS_KEY_PAIR_GEN is inserted into the C_GetMechanismList output by the client library, as the HSM does not return it in FIPS mode.
2.C_GetMechanismInfo for CKM_RSA_PKCS_KEY_PAIR_GEN returns the default Mechanism information from the client library. In FIPS mode, the HSM does not return it.
1.CKM_RSA_PKCS_KEY_PAIR_GEN is not returned by C_GetMachanismList.
2.C_GetMachanismInfo for CKM_RSA_PKCS_KEY_PAIR_GEN results in an Invalid Mechanism Attribute error.
Under the configuration file's [Misc] section, RSAPre1863KeyGenMechRemap can be set to 0 or 1.
•When RSAPre1863KeyGenMechRemap is set to 0 (the default) and firmware is version 6.2.x, no re-mapping is performed.
•When RSAPre1863KeyGenMechRemap is set to 1 and firmware is version 6.2.x, the following re-mapping occurs:
–186-3 Prime key gen --> PKCS Key Gen
–186-3 Aux Prime key gen --> X9.31 Key Gen
CAUTION: This setting is intended for evaluation purposes, such as with existing integrations that require newer mechanisms, before you update to firmware that actually supports the more secure mechanisms. Be careful with this setting, which makes it appear you are getting a new, secure mechanism, when really you are getting an outdated, insecure mechanism.
The following table summarizes the possible combinations, for firmware versions that are supported in SafeNet HSM 6.0 and later.
| Firmware version | State of RSAPre1863 KeyGen MechRemap |
Action in your application | Result | |
|---|---|---|---|---|
| 6.2.x | 0 | Call PKCS Key Gen or X9.31 Key Gen |
•PKCS Key Gen or X9.31 Key Gen is called and runs |
|
| 1 |
•PKCS Key Gen or X9.31 Key Gen is called and runs |
|||
| 0 |
Call 186-3 Prime key gen or 186-3 Aux Prime key gen |
•Call fails; new mechanism does not exist |
||
| 1 |
•PKCS Key Gen or X9.31 Key Gen is called and runs •new mechanism does not exist; redirect to old [see Note 1] |
|||
| 6.10- through-6.22 | N/A | N/A |
•RSAPre1863KeyGenMechRemap has no effect |
|
| Note 1: The inclusion of redirection to the outdated mechanisms, where the firmware does not support the newer mechanisms, allows you to [re-]write your implementation to call the newer, FIPS-approved mechanisms, yet allows you to use that application with older-firmware HSMs - perhaps in a mixed or transitioning environment. | ||||