CKM_DES3_CBC_ENCRYPT_DATA
Firmware 7.8.4 and Newer Summary
FIPS approved? | No |
Supported functions | Derive |
Functions restricted from FIPS use | N/A |
Minimum key length (bits) | 128 |
Minimum key length for FIPS use (bits) | N/A |
Minimum legacy key length for FIPS use (bits) | N/A |
Maximum key length (bits) | 192 |
Block size | 0 |
Digest size | 0 |
Key types | Symmetric |
Algorithms | None |
Modes | None |
Flags | None |
NOTE In this firmware version, this mechanism is not approved for FIPS 140-3.
Firmware 7.8.2 and Older Summary
FIPS approved? | Yes |
Supported functions | Derive |
Functions restricted from FIPS use | None |
Minimum key length (bits) | 128 |
Minimum key length for FIPS use (bits) | 192 |
Minimum legacy key length for FIPS use (bits) | 128 |
Maximum key length (bits) | 192 |
Block size | 0 |
Digest size | 0 |
Key types | Symmetric |
Algorithms | None |
Modes | None |
Flags | None |
NOTE Using Luna HSM Firmware 7.7.0 and newer, 3DES keys have a usage counter attribute (CKA_BYTES_REMAINING) that limits each key instance to encrypting a maximum of 2^16 8-byte blocks of data when the HSM is in FIPS mode (HSM policy 12: Allow non-FIPS algorithms set to
The CKA_BYTES_REMAINING attribute is available when HSM policy 12: Allow non-FIPS algorithms is set to
The attribute is preserved through backup/restore using a Luna Backup HSM 7; restoring the key restores the counter's setting at the time of backup.
The attribute is not preserved through backup/restore using a Luna Backup HSM G5; restoring the key resets the counter to the maximum.