NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0626:  FCS_COP.1 Keyed Hash Selections

Publication Date

Protection Profiles

Other References

Issue Description

FCS_COP.1/KeyedHash in Application Software PP v1.4 currently incorrectly includes SHAs instead of HMAC-SHAs.  Additionally, the SFR should allow HMAC-SHA-384 or HMAC-SHA-512 in place of HMAC-SHA-256 as the selected cryptographic algorithm.


This TD was archived on 1/18/2023 and replaced by TD0717.

FCS_COP.1.1/KeyedHash in App PP v1.4 is modified as follows, with underlines denoting additions and strikethroughs denoting deletions:

The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm [selection:

  • HMAC-SHA-256,
  • HMAC-SHA-384,
  • HMAC-SHA-512]

and [selection:

  • HMAC-SHA-1,
  • HMAC-SHA-384,
  • HMAC-SHA-512,
  • no other algorithms


] with key sizes [assignmentkey size (in bits) used in HMAC] and message digest sizes [selection: 256384512] and [selection160384512, no other size] bits that meet the following: FIPS Pub 198-1, ‘The Keyed-Hash Message Authentication Code’ and FIPS Pub 180-4, ‘Secure Hash Standard’.



See issue description

Site Map              Contact Us              Home