ISC CDK: ISC Cryptographic Development Kit

Standards Compliance

CDK 7.0 was awarded NIST FIPS 140-1 Level 1 Certificate No. 347. Certification was performed by a NIST-accredited laboratory that did souce code level validation of all supported FIPS approved algorithms and security interfaces. Review and oversight was provided jointly by NIST and CSE. Only products containing FIPS 140-validated security modules may be purchased and used for the processing of sensitive data by agencies of the U.S. Federal Government. Such products are also recommended by the Government of Canada.

NIST NOTE: FIPS 140-2 is now in effect. However, Federal agencies may continue to purchase, retain and use FIPS 140-1 validated modules.

At the time of validation, there were no formal NIST test suites for certain FIPS approved algorithms. In these cases we ran standard industry tests, provided letters of compliance assurance to NIST, and the NIST-accredited CMT lab checked the source code and test results. These algorithms are marked VA (for "Vendor Affirmed") in the NIST certificate column of the table below.

Cryptographic functions provided by ISC CDK 7.0 comply with all relevant specifications in the NIST, ANSI, ISO, IETF, IEEE, and industry standards cited in the following table:

FIPS Approved Algorithms	Relevant Standards and Other References	NIST Certificate
RSA	FIPS 186-2; ANSI X9.31-1998; RFC2437 (PKCS#1v2.0), RFC3447 (PKCS#1v2.1); ANSI X9.44; IEEE 1363-2000	VA
DSA	FIPS 186-2; ANSI X9.30-1997	#65
ECDSA	FIPS 186-2; ANSI X9.62-1998; IEEE 1363-2000	VA
DH	RFC2631; ANSI X9.42-1998; IEEE 1363-2000
ECDH	ANSI X9.63; IEEE 1363-2000
AES	FIPS 197; NIST SP-800-38A; NIST SP-800-38C; DRAFT NIST SP-800-38B; CNSS Policy No. 15; RFC3565	#9
TDES	FIPS 46-3; ANSI X9.52-1998; NIST SP-800-38A; NIST SP 800-20; DRAFT NIST SP 800-67	#115
DES (deprecated)	FIPS 46-3; ANSI X3.92	#171
Skipjack/EES	FIPS 185; NIST/NSA specification; NIST SP 800-38A	#9
SHA-1	FIPS 180-2; ANSI X9.30 Part 2; ISO/IEC 10118-3:1998	#100
SHA-24/256/384/512	FIPS 180-2; NIST specifications
HMAC-SHA-1	FIPS 198; RFC2104; ANSI X9.71	#100, VA
PRNG	FIPS 186-2; FIPS 140-2 Annex C; NIST SP 800-22
Password Generation	FIPS 181
Not FIPS Approved	Relevant Standards and Other References
DESX	IETF ID; (analysis by J. Kilian and P. Rogaway)
RC2	RFC3217; RFC2268
RC4	RFC2246 (SSL/TLS); "Arcfour" internet-draft
MD2	RFC1319
MD5	RFC1321
HMAC-MD5	RFC2104; ANSI X9.71
Also Available	Relevant Standards and Other References
KEA	NIST/NSA specification; RFC2528; RFC3279; SDN.701
MQV, ECMQV	IEEE 1363-2000
OAEP	RFC2437 ( PKCS #1v2.0); RFC3560; IEEE 1363-2000
RIPEMD-160	ISO/IEC 10118-3:1998; (A. Bosselaers website); RFC2857

In addition to the algorithms listed in the first part of the above table, CDK 7.0 includes:

X.509v3 certificate and CRL handling (RFC2459, RFC3279, RFC3280, NIST SP 800-15)
support for the creation and parsing of PKCS#7/8/10/12 PDUs and S/MIMEv3 CMS PDUs (RFC3370. RFC3851, RFC3852)
key derivation functions for PKCS#5 PBE and various ANSI and PKCS#1/3/5/8 (RFC2313-2315) padding, encoding, and decoding functions
pseudo-random number generation, primality testing, and routines for low-level modular exponentiation and other high-precision arithmetic operations (in rings of integers, finite fields, and elliptic curves)
simple SSLv3/TLS client support

ISC Cryptographic Development Kit - User's Guide
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.