This page was not yet optimized for use on mobile devices.
ExtraHop Cryptographic Module
Certificate #4561
Webpage information ?
Document information ?
Security policy
Symmetric Algorithms
AES, CAST, CAST5, RC4, RC5, RC2, DES, Triple-DES, TDES, ChaCha20, Poly1305, IDEA, Blowfish, Camellia, ARIA, SM4, SEED, HMAC, CMACAsymmetric Algorithms
ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA-256, SHA3-224, SHA3-384, SHA3-256, SHA3-512, SHA-3, Blake2, MD4, MD5, RIPEMD, PBKDF, PBKDF2Schemes
MAC, Key Agreement, Key agreementProtocols
SSH, TLS, TLS v1.2, TLS v1.3, TLS 1.2, TLS 1.3Randomness
DRBG, RNG, RBGElliptic Curves
P-224, P-256, P-384, P-521, P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XEX, XTSJavaCard API constants
SM2Trusted Execution Environments
PSP, SSCVendor
MicrosoftSecurity level
Level 1Standards
FIPS 140-3, FIPS PUB 186-4, FIPS PUB 198-1, FIPS PUB 197, FIPS PUB 202, FIPS PUB 180-4, NIST SP 800-38A, NIST SP 800-38B, NIST SP 800-38C, NIST SP 800-38D, NIST SP 800-38E, NIST SP 800-38F, NIST SP 800-132, NIST SP 800-67, SP 800-38A, SP 800-38B, NIST SP 800-52, PKCS#1, PKCS #1, RFC25, RFC 8446, RFC 5288, RFC 5246, ISO/IEC 19790, ISO/IEC 24579, ISO/IEC 19790:2012, ISO/IEC 19790:2021File metadata
| Title: | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author: | Corsec Security, Inc. |
| Creation date: | D:20230712104617-04'00' |
| Modification date: | D:20230712104617-04'00' |
| Pages: | 39 |
| Creator: | Microsoft® Word for Microsoft 365 |
| Producer: | Microsoft® Word for Microsoft 365 |
References
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
18.09.2023 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4561,
"dgst": "315ef9b31f21c15d",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"Counter DRBGA2293",
"SHA3-384A2293",
"SHA3-256A2293",
"AES-CFB128A2293",
"TDES-CFB1A2293",
"TDES-CFB64A2293",
"SHAKE-256A2293",
"TLS v1.2 KDF RFC7627A2293",
"AES-KWA2293",
"ECDSA KeyVer (FIPS186-4)A2293",
"SHA2-512A2293",
"SHA2-384A2293",
"KDA HKDF SP800-56Cr2A2293",
"HMAC-SHA2-512A2293",
"KDF SSHA2293",
"SHA3-512A2293",
"RSA SigVer (FIPS186-4)A2293",
"AES-CCMA2293",
"PBKDFA2293",
"KAS-FFC-SSC Sp800-56Ar3A2293",
"TDES-CMACA2293",
"HMAC-SHA-1A2293",
"TDES-OFBA2293",
"TDES-CFB8A2293",
"TLS v1.3 KDFA2294",
"AES-KWPA2293",
"AES-CFB1A2293",
"SHA2-224A2293",
"AES-XTSA2293",
"HMAC-SHA2-256A2293",
"ECDSA KeyGen (FIPS186-4)A2293",
"HMAC-SHA3-384A2293",
"AES-OFBA2293",
"TDES-ECBA2293",
"AES-ECBA2293",
"AES-CMACA2293",
"DSA SigVer (FIPS186-4)A2293",
"DSA PQGGen (FIPS186-4)A2293",
"HMAC-SHA3-224A2293",
"HMAC-SHA2-224A2293",
"AES-GMACA2293",
"KAS-ECC-SSC Sp800-56Ar3A2293",
"AES-GCMA2293",
"TDES-CBCA2293",
"AES-CBCA2293",
"RSA KeyGen (FIPS186-4)A2293",
"DSA PQGVer (FIPS186-4)A2293",
"ECDSA SigVer (FIPS186-4)A2293",
"SHAKE-128A2293",
"HMAC-SHA3-256A2293",
"RSA SigGen (FIPS186-4)A2293",
"AES-CTRA2293",
"AES-CFB8A2293",
"HMAC-SHA3-512A2293",
"DSA KeyGen (FIPS186-4)A2293",
"KDF TLSA2293",
"SHA-1A2293",
"HMAC-SHA2-384A2293",
"SHA3-224A2293",
"SHA2-256A2293"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 3
},
"ECDH": {
"ECDH": 11
},
"ECDSA": {
"ECDSA": 26
},
"EdDSA": {
"EdDSA": 3
}
},
"FF": {
"DH": {
"DH": 12,
"Diffie-Hellman": 2
},
"DSA": {
"DSA": 25
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 8
},
"CCM": {
"CCM": 3
},
"CFB": {
"CFB": 3
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 9
},
"GCM": {
"GCM": 37
},
"OFB": {
"OFB": 8
},
"XEX": {
"XEX": 2
},
"XTS": {
"XTS": 4
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 18
},
"TLS": {
"TLS": {
"TLS": 34,
"TLS 1.2": 3,
"TLS 1.3": 1,
"TLS v1.2": 3,
"TLS v1.3": 2
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 3,
"Key agreement": 2
},
"MAC": {
"MAC": 11
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-163": 2,
"B-233": 4,
"B-283": 4,
"B-409": 4,
"B-571": 4,
"K-163": 4,
"K-233": 6,
"K-283": 4,
"K-409": 4,
"K-571": 4,
"P-192": 8,
"P-224": 14,
"P-256": 8,
"P-384": 8,
"P-521": 8
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1,
"Certificate6": 4
}
},
"fips_certlike": {
"Certlike": {
"AES GCM encrypt KAT50": 1,
"AES-CMAC 128": 1,
"AES-GCM 128": 1,
"CVL23": 1,
"DRBG 9": 1,
"DRBG27": 1,
"DSA28": 1,
"HMAC 128": 2,
"PKCS #1": 2,
"PKCS#1": 6,
"RSA39": 1,
"SHA-1": 13,
"SHA-256": 1,
"SHA-3": 1,
"SHA2- 256": 6,
"SHA2- 384": 4,
"SHA2- 512": 5,
"SHA2-224": 13,
"SHA2-256": 17,
"SHA2-384": 11,
"SHA2-512": 11,
"SHA3- 224": 1,
"SHA3- 256": 1,
"SHA3- 384": 1,
"SHA3- 512 112": 1,
"SHA3-224": 3,
"SHA3-256": 4,
"SHA3-384": 3,
"SHA3-512": 3,
"SHS42": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3
}
},
"hash_function": {
"BLAKE": {
"Blake2": 3
},
"MD": {
"MD4": {
"MD4": 2
},
"MD5": {
"MD5": 2
}
},
"PBKDF": {
"PBKDF": 6,
"PBKDF2": 5
},
"RIPEMD": {
"RIPEMD": 2
},
"SHA": {
"SHA1": {
"SHA-1": 13
},
"SHA2": {
"SHA-256": 1
},
"SHA3": {
"SHA-3": 1,
"SHA3-224": 3,
"SHA3-256": 4,
"SHA3-384": 3,
"SHA3-512": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {
"curves": {
"SM2": 2
}
},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 45
},
"RNG": {
"RBG": 2,
"RNG": 4
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 20,
"FIPS PUB 180-4": 1,
"FIPS PUB 186-4": 5,
"FIPS PUB 197": 2,
"FIPS PUB 198-1": 1,
"FIPS PUB 202": 1
},
"ISO": {
"ISO/IEC 19790": 6,
"ISO/IEC 19790:2012": 1,
"ISO/IEC 19790:2021": 1,
"ISO/IEC 24579": 4
},
"NIST": {
"NIST SP 800-132": 2,
"NIST SP 800-38A": 1,
"NIST SP 800-38B": 2,
"NIST SP 800-38C": 2,
"NIST SP 800-38D": 6,
"NIST SP 800-38E": 2,
"NIST SP 800-38F": 2,
"NIST SP 800-52": 1,
"NIST SP 800-67": 2,
"SP 800-38A": 1,
"SP 800-38B": 1
},
"PKCS": {
"PKCS #1": 1,
"PKCS#1": 3
},
"RFC": {
"RFC 5246": 1,
"RFC 5288": 1,
"RFC 8446": 1,
"RFC25": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 98
},
"CAST": {
"CAST": 4,
"CAST5": 3
},
"RC": {
"RC2": 2,
"RC4": 3,
"RC5": 3
}
},
"DES": {
"3DES": {
"TDES": 1,
"Triple-DES": 20
},
"DES": {
"DES": 5
}
},
"constructions": {
"MAC": {
"CMAC": 23,
"HMAC": 26
}
},
"djb": {
"ChaCha": {
"ChaCha20": 3
},
"Poly": {
"Poly1305": 2
}
},
"miscellaneous": {
"ARIA": {
"ARIA": 3
},
"Blowfish": {
"Blowfish": 3
},
"Camellia": {
"Camellia": 3
},
"IDEA": {
"IDEA": 3
},
"SEED": {
"SEED": 3
},
"SM4": {
"SM4": 3
}
}
},
"tee_name": {
"AMD": {
"PSP": 6
},
"IBM": {
"SSC": 1
}
},
"tls_cipher_suite": {},
"vendor": {
"Microsoft": {
"Microsoft": 2
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Corsec Security, Inc.",
"/CreationDate": "D:20230712104617-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20230712104617-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 886586,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.extrahop.com/",
"mailto:info@corsec.com",
"http://www.corsec.com/",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14786",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34903",
"http://csrc.nist.gov/groups/STM/cmvp",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14787"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "2caf156a884d9abcacc495f4696817b3e9f5cb2231adfbb5148525d9df60342c",
"policy_txt_hash": "ecb6c157586183204affae508d27f00080dde87ff63a895d0a8954df3ca89dd6"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in approved mode. No assurance of the minimum strength of generated keys",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2023_010923_0844.pdf",
"date_sunset": "2028-08-27",
"description": "The ExtraHop Cryptographic Module 1.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "ExtraHop Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "1.0",
"tested_conf": [
"ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 with PAA",
"ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 without PAA",
"ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 with PAA",
"ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 without PAA",
"ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 with PAA",
"ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-08-28",
"lab": "Lightship Security, Inc.",
"validation_type": "Initial"
}
],
"vendor": "ExtraHop Networks, Inc.",
"vendor_url": "http://www.extrahop.com"
}
}