NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0145:  FCS_CKM_EXT.3.1 - Security strength of KEKs

Publication Date

Protection Profiles

Other References

Issue Description

The MDFPP has a blanket statement that the security strength of KEKs should be equal or greater than that of DEK they protect, but yet the PP’s high-strength use case selects AES-256 (and not AES-192). 


FCS_CKM_EXT.3.1    The TSF shall use [selection: asymmetric KEKs of [assignment: security strength greater than or equal to 112] security strength, symmetric KEKs of [selection: 128-bit, 256-bit] security strength corresponding to at least the security strength of the keys encrypted by the KEK].


The security strength of KEKs is at least the security strength of the keys they encrypt.

Site Map              Contact Us              Home