Nokia IP265 Security Guide - Page 21


The module supports the following critical security parameters:

Table 6 – Listing CSPs for the Module

| CSPs | CSPs type | Generation | Storage | Use |
|---|---|---|---|---|
| Host RSA v1 key pair (via IPSO) | 1024-bit RSA private and public key pair | Internal – using X9.31 PRNG | Stored in plaintext on disk | SSH server authentication and key transport to client (SSHv1) |
| Server RSA v1 key pair (via IPSO) [See footnote 1 below table.] | 512-, 640-, 768- (default), 864-, 1024-bit private and public key pair | Internal – using X9.31 PRNG | Stored in plaintext in memory | SSH server authentication and key transport to client (SSHv1) |
| Host RSA v2 key pair (via IPSO) [See footnote 1 below table.] | 512-, 640-, 768- (default), 864-, 1024-bit private and public key pair | Internal – using X9.31 PRNG | Stored in plaintext on disk | SSH server authentication (SSHv2) |
| Host DSA key pair (via IPSO) | 160-bit DSA private key and 1024-bit DSA public key | Internal – using X9.31 PRNG | Stored in plaintext on disk | SSH server authentication to client (SSHv2) |
| Authorized RSA v1 key (via IPSO) | 1024-bit RSA public key | External | Stored in plaintext on disk | Client authentication to SSH server (SSHv1) |
| Authorized RSA v2 key (via IPSO) | 1024-bit RSA public key | External | Stored in plaintext on disk | Client authentication to SSH server (SSHv2) |
| Authorized DSA key (via IPSO) | 1024-bit DSA public key | External | Stored in plaintext on disk | Client authentication to SSH server (SSHv2) |
| TLS RSA key pair (via Check Point VPN-1) | 1024-bit RSA private and public key pair | External | Stored in plaintext on disk | TLS server authentication and key transport during TLS handshake |
| TLS client RSA public key (via Check Point VPN-1) | 1024-bit RSA public key | External | Stored in plaintext on disk | Client authentication during TLS handshake |
| IKE RSA key pair (via Check Point VPN-1) | 1024-bit RSA private and public key pair | External | Stored in plaintext on disk | Server authentication during IKE |
| IKE client RSA public key (via Check Point VPN-1) | 1024-bit RSA public key | External | Stored in plaintext on disk | Client authentication during IKE |
| Pre-shared keys (via Check Point VPN-1) | 6-character pre-shared key | External | Stored in plaintext on disk | Client and server authentication during IKE |

© Copyright 2005, 2006, 2007 Nokia. Page 21 of 43.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.