NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0003:  RSA Based Key Generation in MDFPP

Publication Date

Protection Profiles

Other References

Issue Description

FCS_CKM.1.1(1) in the MDFPP mandates RSA based key generation for key establishment (in accordance with NIST Special Publication 800-56B) with DSA and ECDSA as selections. The application notes state that RSA is required in accordance with FCS_TLS_EXT.1 and that in the future, SP-800-56A for elliptic curves will be required. However, the RSA based key establishment scheme in FCS_TLS_EXT.1 is not really “required”/mandatory in accordance with FCS_TLS_EXT.1 – neither to support the mandatory TLS_RSA_WITH_AES_128_SHA ciphersuite, nor to verify a server certificate.


It is not required for a vendor to implement RSA key generation in accordance with SP800-56B for the purposes of key establishment as TLS does not require this capability from a client.

Site Map              Contact Us              Home