Security Policy Options
Optionally with some of the typical security policies, security flags may be changed to change security behavior without invalidating the policy.
The following table details the mandatory and optional security flag settings for each of the typical security policies.
| Security Policies | Impact of Security Flags on Policies | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| a | c | d | e | i | l | n | N | p | t | u | U | E | |
| PKCS #11 Compatibility Mode |
|
|
|
|
|
||||||||
| SafeNet Default Mode |
|
|
|
|
|
|
|
|
|
|
|
|
|
| FIPS Mode |
|
|
|
|
|
|
|
|
|||||
| Entrust Compliant Mode 1 1 |
|
|
|
|
|
|
|
|
|||||
| Entrust Compliant Mode 2 2 |
|
|
|
|
|
|
|
|
|||||
| Netscape Compliant Mode |
|
|
|
|
|
|
|
|
|||||
| Restricted Mode |
|
|
|
|
|
|
|
|
|||||
1 When using Entrust Authority version 5.x
2 When using Entrust Authority version 6.x and Entrust Security Manager version 7.x
Key
| a | FIPS Algorithms Only |
|
The security flag must be set. If cleared the security policy is invalidated. |
| c | No Public Crypto | ||
| d | DES Keys Even Parity Allowed |
|
The security flag must be cleared. If set the security policy is invalidated. |
| e | Entrust Ready | ||
| i | Increased Security Level | Optional. Setting or clearing the security flag will not invalidate the security policy. | |
| I | Mode Locked | ||
| n | No Clear PINs | ||
| N | Full Secure Messaging Encryption | ||
| p | Pure PKCS11 | ||
| t | Tamper Before Upgrade | ||
| u | Auth Protection | ||
| U | Full Secure Messaging Signing | ||
| E | User Specified ECC Parameters | ||
