TD0542: Update to FCS_COP.1(6) Key Transport
Publication Date
2020.08.26
Protection Profiles
MOD_FEEM_V1.0
Other References
FCS_COP.1.1(6)
Issue Description
FCS_COP.1(6) specifies requirements to perform key transport per SP 800-56B, Revision 1 using either KTS-OAEP or KTS-KEM-KWS. This is a problem because revision 1 (September 2014) was never added to FIPS 140-2. Currently it is only possible to vendor affirm to the original SP 800-56B (August 2009); and no algorithm testing for any version of SP 800-56B exists within CAVP program. However ACVP testing is expected shortly for SP 800-56B revision 2 (March 2019). Resolution
FCS_COP.1.1(6) is updated as indicated in underlined text to include a selection for SP 800-56B revision 2: FCS_COP.1(6) Cryptographic operation (Key Transport) FCS_COP.1.1(6)The TSF shall [selection: - not perform key transport, - perform [key transport] in accordance with a specified cryptographic algorithm [RSA in the following modes: KTS-KEM-KWS] and the cryptographic key size [selection: 3072, 4096] bits that meet the following: [NIST SP 800-56B, Revision 1], - perform [key transport] in accordance with a specified cryptographic algorithm [RSA in the following modes: KTS-OAEP] and the cryptographic key size [selection: 3072, 4096] bits that meet the following: [NIST SP 800-56B, Revision 2] ]. Justification
See issue description. |