NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0145:  FCS_CKM_EXT.3.1 - Security strength of KEKs

Publication Date
2017.02.10

Protection Profiles
PP_MD_v3.0

Other References
FCS_CKM_EXT.3.1

Issue Description

The MDFPP has a blanket statement that the security strength of KEKs should be equal or greater than that of DEK they protect, but yet the PP’s high-strength use case selects AES-256 (and not AES-192). 

Resolution

FCS_CKM_EXT.3.1    The TSF shall use [selection: asymmetric KEKs of [assignment: security strength greater than or equal to 112] security strength, symmetric KEKs of [selection: 128-bit, 256-bit] security strength corresponding to at least the security strength of the keys encrypted by the KEK].

Justification

The security strength of KEKs is at least the security strength of the keys they encrypt.

 
 
Site Map              Contact Us              Home