NIAP: View Technical Decision Details
TD0328: Split Knowledge Procedures distinction

Publication Date
2018.06.07

Protection Profiles
PP_CA_V2.1

Other References
FPT_SKY_EXT.1

Issue Description

The current SFR does not allow products that support escrow of user private (encryption) keys, but provide no mechanism for archival of the CA signing keys, to claim this functionality.

Resolution

The following changes are made in the CA PP ver 2.1:

  1. In Section 4.1, in the SFRs listed under O.PROTECTION_COMMUNICATIONS, change FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH
  2. In Table 3, in the SFRs listed under O.PROTECTION_COMMUNICATIONS, change FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH (2 instantiations)
  3. In Table 3, in the SFRs listed under OE.ARCHIVAL, change FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA (2 instantiations)
  4. In Appendix A, in second paragraph, change FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH as another example of the second case.
  5. In Table 5, change FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH
  6. In the Application Note for FCS_CKM_EXT.1.1(3), change all instances of FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH as a second reference wherever FPT_SKY_EXT.1(1).1/CA is referred to.
  7. In the Application Note for FCS_CKM_EXT.6, change FPT_SKY_EXT.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH as a second reference.
  8. In the Application Note for FPT_SKY_EXT.2, change FPT_SKY_EXT.1.1 to FPT_SKY_EXT.1(1).1/CA and add FPT_SKY_EXT.1(2).1/OTH as a second reference.
  9. In FCS_KSH_EXT.1.1, change FPT_SKY_EXT.1.1 to FPT_SKY_EXT.1(1).1/CA in the SFR and in the Application Note.
  10. FPT_SKY_EXT.1.1 is replaced by the following two iterations:
FPT_SKY_EXT.1(1).1/CA   The TSF shall [selection: support, interface with the operational environment to support] split knowledge procedures to enforce two-party control for the export of CA signing keys and [selection: no other data, [assignment: critical data or keys]] necessary to resume CA functionality after TSF failure using [selection: key sharing mechanisms in accordance with FCS_CKM_EXT.1(3), FCS_CKM_EXT.1(4), FCS_CKM_EXT.6, and FPT_SKY_EXT.2, [assignment: other mechanism]].
Application Note:   The intent of this requirement is to limit access to critical keys that are necessary to maintain operations after a failure. Key sharing mechanisms are also referred to as secret sharing mechanisms, or threshold schemes, and are commonly used by hardware security modules to clone keys between devices.

If enforcement of split knowledge procedures to provide controlled access to critical keys and data required to restore CA functionality is performed entirely by the OE, then this SFR is not included in the ST and OE.KEY_ARCHIVAL is included in the ST.
Assurance Activity
If the TSF implements a key sharing mechanism, this SFR is satisfied through the referenced SFRs in Appendices B.3 and B.8 of the PP.

Note: FCS_CKM_EXT.1(3) specifies how the key shares generated in accordance with FCS_CKM_EXT.1(4) are used to produce a KEK to protect the keys listed in this requirement. The protection of those keys with the KEK is done by the mechanism required in FCS_CKM_EXT.6. FPT_SKY_EXT.2 specifies access control for the key shares themselves.

If the TSF interfaces with a cryptographic module in the Operational Environment to implement a key sharing mechanism, the evaluator shall examine the TSS to ensure that the interface to the OE and the cryptographic provider for the key sharing mechanism are described.

If the TSF implements another split knowledge procedure, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the CA signing key and all other selected data and keys. The evaluator shall review the AGD to ensure it contains clear instructions to privileged users on how to conduct the procedures.

If the TSF interfaces with the OE to implement other split knowledge procedures, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the CA signing key and all other selected data and keys.

The evaluator shall ensure that the TSS describes the dependence on the OE and identifies any cryptographic providers within the OE used to support the procedures.

The evaluator shall also examine the AGD guidance to ensure it contains instructions for configuring the OE to restrict access to the CA signing key and all other selected data and keys.
FPT_SKY_EXT.1(2).1/OTH   The TSF shall [selection: support, interface with the operational environment to support] split knowledge procedures to enforce two-party control for the export of [selection: no other data, user private keys, [assignment: critical data or keys]] using [selection: key sharing mechanisms in accordance with FCS_CKM_EXT.1(3), FCS_CKM_EXT.1(4), FCS_CKM_EXT.6, and FPT_SKY_EXT.2, [assignment: other mechanism]].
Application Note:   The intent of this requirement is to limit access to other critical keys or data that are archived when the TSF provides, or interfaces with the OE to provide, a split knowledge mechanism different from the one provided to archive and recover the CA signing key and the other critical keys and data required to restore CA functionality. This requirement may include protection mechanisms for critical keys and data that are archived to restore optional CA functionality, which are not required to restore basic CA functionality. However, if the TSF provides, or interfaces with the OE to provide, the same mechanism to protect access to all archived keys and data used for both basic and any optional CA functionality, the common mechanism can be described in FPT_SKY_EXT.1/CA and it is not necessary to also include this requirement in the ST.

If enforcement of split knowledge procedures to provide controlled access to critical keys and data not included in FPT_SKY_EXT.1/CA is performed entirely by the OE, then this SFR is not included in the ST and OE.KEY_ARCHIVAL is included in the ST.
Assurance Activity
If the TSF implements a key sharing mechanism, this SFR is satisfied through the referenced SFRs in Appendices B.3 and B.8 of the PP.

Note: FCS_CKM_EXT.1(3) specifies how the key shares generated in accordance with FCS_CKM_EXT.1(4) are used to produce a KEK to protect the keys listed in this requirement. The protection of those keys with the KEK is done by the mechanism required in FCS_CKM_EXT.6. FPT_SKY_EXT.2 specifies access control for the key shares themselves.
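This note, and the identical note under FPT_SKY_EXT.1(1).1/CA above, describe key shares being recombined to produce a KEK. The following is an added illustration, not text or code from the TD or the PP: a threshold (Shamir) split of a KEK over a prime field, where fewer than the threshold number of shares cannot reproduce it, which is the property that makes two-party control enforceable. The field choice, function names, share format and the sample KEK are all my own constructions; access control over the shares themselves (FPT_SKY_EXT.2) and the wrapping of protected keys with the KEK (FCS_CKM_EXT.6) are outside this snippet.

```python
import secrets

# Mersenne prime 2^521 - 1 (my choice): large enough to hold a KEK of up to
# 64 bytes as a single field element. Constructed example, not PP text.
P = 2**521 - 1


def split_kek(kek: bytes, threshold: int, n_shares: int) -> list[tuple[int, int]]:
    """Split a KEK into n_shares Shamir shares; any `threshold` of them recover it."""
    if not 2 <= threshold <= n_shares or len(kek) > 64:
        raise ValueError("bad threshold/share count or KEK too large for the field")
    secret = int.from_bytes(kek, "big")
    # Random polynomial f(x) = secret + a1*x + ... + a_{t-1}*x^(t-1) over GF(P).
    # The constant term is the KEK; every other coefficient is uniformly random.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):       # share i is the point (i, f(i))
        y = 0
        for c in reversed(coeffs):         # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_kek(shares: list[tuple[int, int]], threshold: int, kek_len: int) -> bytes:
    """Recombine `threshold` shares into the KEK via Lagrange interpolation at x=0."""
    if len(shares) < threshold:
        raise ValueError("two-party control: too few shares presented")
    pts = shares[:threshold]
    if len({x for x, _ in pts}) != threshold:
        raise ValueError("duplicate share presented")
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P          # product of (0 - xj)
                den = den * (xi - xj) % P      # product of (xi - xj)
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(kek_len, "big")


if __name__ == "__main__":
    kek = secrets.token_bytes(32)              # constructed 256-bit KEK
    shares = split_kek(kek, threshold=2, n_shares=3)
    # Any two custodians can recover it; one alone cannot.
    assert recover_kek([shares[0], shares[2]], 2, 32) == kek
```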

If the TSF interfaces with a cryptographic module in the Operational Environment to implement a key sharing mechanism, the evaluator shall examine the TSS to ensure that the interface to the OE and the cryptographic provider for the key sharing mechanism are described.

If the TSF implements another split knowledge procedure, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the selected data and keys. The evaluator shall review the AGD to ensure it contains clear instructions to privileged users on how to conduct the procedures.

If the TSF interfaces with the OE to implement other split knowledge procedures, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the selected data and keys.

The evaluator shall ensure that the TSS describes the dependence on the OE and identifies any cryptographic providers within the OE used to support the procedures.

The evaluator shall also examine the AGD guidance to ensure it contains instructions for configuring the OE to restrict access to the selected data and keys.

Justification

See Issue Description.