Cisco 7609-S User Guide - Page 20

Self-Tests


© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
| Name | Algorithm | Size | Description | Origin | Storage | Zeroization |
|---|---|---|---|---|---|---|
| DRBG V | SP 800-90 | 256-bits | This is the seed key for SP 800-90 DRBG. | generated from entropy source via the CTR_DRBG derivation function | DRAM (plaintext) | power cycle the device |
| Diffie-Hellman shared secret | DH | 1024-4096 bits | This is the shared secret agreed upon as part of DH exchange | N/A | DRAM (plaintext) | Zeroized upon deletion |
| Diffie-Hellman private exponent | DH | 1024-4096 bits | The private exponent used in Diffie-Hellman (DH) exchange. | Generated using FIPS approved DRBG | DRAM (plaintext) | Automatically after shared secret generated. |
| SSH keys/CSPs | | | | | | |
| SSH Private key | RSA | 1024-2048 bits | This is the SSH private key used to authenticate the module | Generated or entered like any RSA key | NVRAM (plaintext) | Zeroized by either deletion (via # crypto key zeroize rsa) or by overwriting with a new value of the key |
| SSH session key | Triple-DES/AES | 3-key Triple-DES, 128/192/256 bits AES keys | This is the symmetric SSH key used to protect SSH session | Created as part of SSH session set-up | DRAM (plaintext) | Zeroized automatically when SSH session is closed |

Table 8 Cryptographic Keys and CSPs
2.7 Self-Tests
In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to ensure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations.
2.7.1 Self-tests performed by the IOS image

  • IOS Self Tests
      o POST tests
          ▪ AES Known Answer Test
          ▪ RSA Signature Known Answer Test (both signature/verification)
          ▪ Software/firmware test