NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0723:  Correction to ECDSA Curve Selection

Publication Date

Protection Profiles

Other References

Issue Description

The VPNGW v1.2 requires a selection of P-256 (and P-384) if ECDSA is selected.  However, the CSfC selections for VPNGW  v1.2 FCS_CKM.1/IKE prohibit the use of P-256 and mandate P-384. 


FCS_CKM.1/IKE in Section 5.2.3 of MOD_VPNGW_v1.2 is modified as follows, with strikethroughs in red highlights denoting deletions and underlines in green highlights denoting additions:


The TSF shall generate asymmetric cryptographic keys used for IKE peer

authentication in accordance with a specified cryptographic key generation

algorithm: [selection:

-FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3

for RSA schemes,

-FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4

for ECDSA schemes and implementing “NIST curves” P-256, P-384

and [selection: P-256, P-521, no other curves]

] and [selection:

-FFC Schemes using “safe-prime” groups that meet the following:

‘NIST Special Publication 800-56A Revision 3, “Recommendation for

Pair-Wise Key Establishment Schemes Using Discrete Logarithm

Cryptography” and [selection: RFC 3526, RFC 7919],

-no other key generation algorithm

] and specified cryptographic key sizes [equivalent to, or greater than, a

symmetric key strength of 112 bits].


See issue description. Also, P-256 is not compliant with CNSA 1.0, so should not be mandated.

Site Map              Contact Us              Home