Archived
TD0107: FCS_CKM - ANSI X9.31-1998, Section 4.1.for Cryptographic Key Generation
Publication Date
2016.09.14
Protection Profiles
PP_APP_v1.1, PP_APP_v1.2, PP_MD_v2.0, PP_MDM_V2.0, PP_ND_VPN_GW_EP_v1.1, PP_NDCPP_VPN_GW_EP_V2.0, PP_OS_v4.0, PP_OS_V4.1, PP_VOIP_V1.3, PP_VPN_IPSEC_CLIENT_V1.4
Other References
—
Issue Description
The referenced protection profiles (PPs) allow for the generation of asymmetric keys using RSA schemes that meet FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3. or ANSI X9.31-1998, Section 4.1. The PPs also include an Application Note with the statement “The ANSI X9.31-1998 option will be removed from the selection in a future publication of this document. Presently, the selection is not exclusively limited to the FIPS PUB 186-4 options in order to allow industry some further time to complete the transition to the modern FIPS PUB 186-4 standard.” Resolution
Effective immediately, RSA schemes using ANSI X9.31-1998, Section 4.1 is no longer a valid selection. NIAP will not accept products into evaluation that claim RSA schemes that meet ANSI X9.31-1998 Section 4.1. Justification
Upon publication of FIPS 186-4 in July 2013, NIST only allows and tests for Key Generation as defined in FIPS 186-4. |