Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
1 of 17
TITLE: LunaCA3
Security Policies
ABSTRACT: This document describes the security policies
implemented by the LunaCA3
PC Card (Luna
CA3
token) and how the design of its firmware
and hardware enforces these policies.
DOCUMENT NUMBER: CR-0782
ORIGINATOR: Laurie Smith
DEPARTMENT: Systems Engineering
LOCATION OF ISSUE: Ottawa
DATE ORIGINATED: March 19, 2001
CHANGE LEVEL: 7
CHANGE DATE: September 7, 2001
SECURITY LEVEL: None
SUPERSESSION DATA: CR-0782, 6
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
2 of 17
© Copyright 1997-2001 Chrysalis-ITS, Inc.
All rights reserved. Communications Security Establishment (CSE) and National Institute of Standards and
Technology (NIST) are granted the right to copy and distribute this document provided such reproduction is in its
entirety.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
3 of 17
TABLE OF CONTENTS
1. Introduction............................................................................................................ 4
1.1. Purpose ............................................................................................................................................4
1.2. Scope................................................................................................................................................4
1.3. Intended Audience............................................................................................................................4
1.4. History of Revision............................................................................................................................4
1.5. References .......................................................................................................................................4
1.6. Glossary of Acronyms / Abbreviations..............................................................................................5
2. Luna CA3
Overview................................................................................................ 5
3. Security Policy Tools ............................................................................................ 6
3.1. Fixed Policy Vector (FPV).................................................................................................................7
3.1.1. Number of SO Login Fails Allowed............................................................................................7
3.1.2. Secret Key Policy.......................................................................................................................7
3.1.3. Private Key Policy......................................................................................................................7
3.1.4. Token Security Policy................................................................................................................8
3.2. Token Policy Vector (TPV) ...............................................................................................................9
3.2.1. Number of User Login Fails Allowed .........................................................................................9
3.2.2. Minimum/Maximum Authentication Code Length......................................................................9
3.2.3. Local Policies.............................................................................................................................9
4. Identification and Authentication (I&A) ............................................................. 10
4.1. High Availability Recovery Support.................................................................................................11
5. Discretionary Access Control (DAC) ................................................................. 11
6. M of N Activation ................................................................................................. 11
7. Object Reuse........................................................................................................ 11
8. Notes .................................................................................................................... 12
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
4 of 17
1. INTRODUCTION
1.1. Purpose
This document describes the security policies implemented by the Luna CA
3
PC Card (Luna CA
3
token) and how
the design of its firmware and hardware enforces these policies.
1.2. Scope
This document addresses the Luna CA
3
token’s security policies.
1.3. Intended Audience
The intended audience for this document is the Luna CA
3
Engineering and Product Management Team, external
agencies for validation or endorsement of the Luna CA
3
token; selected industry partners; prospective
customers; and potential users of Luna CA
3
who want to understand the security policies of the product for FIPS
operations.
The reader of this document should be familiar with the PKCS#11 standard defined by RSA Laboratories.
1.4. History of Revision
Revision Date Description
1 March 19, 2001 Revision of 802509 document (v2.00) to incorporate changes to
Appendix C and reformatting IAW CorpDocs template.
2 March 27, 2001 Change of Security Level to “None” and new proprietary statement.
3 April 11, 2001 Incorporation of B. Woodard’s comments on FPV_USE_CAV.
4 April 26, 2001 Minor formatting corrections.
5 April 26, 2001 Correction of Appendix B.
6 July 17, 2001 Corrected FPV/TPV force RSA blinding info (resolution of Razor
Issue #484).
7 September 7, 2001 Updated Section 6 and Appendix A. Added sub-section 4.1 re HA login.
1.5. References
Document No. Revision Author Title
PKCS#11 V2.10 RSA Laboratories PKCS#11: Cryptographic Token Interface
Standard, December 1999
FIPS PUB 140-1 Information Technology
Laboratory, National
Institute of Standards and
Technology
FIPS PUB 140-1: Security Requirements For
Cryptographic Modules, 11 January 1994.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
5 of 17
1.6. Glossary of Acronyms / Abbreviations
Term Explanation
CAV Cryptographic Algorithm Vector
CCM Custom Command Module
CRC Cyclic Redundancy Check
CSP Critical Security Parameters
DAC Discretionary Access Control
FPV Fixed Policy Vector
I&A Identification and Authentication
PED PIN Entry Device
PIN Personal Identification Number
SO Security Officer
SRAM Static Random Access Memory
TPV Token Policy Vector
UAV User’s Authorization Vector
2. LUNA CA3
OVERVIEW
The Luna CA
3
token securely stores data and keying material inside its cryptographic boundary. The Luna CA
3
token also performs cryptographic operations on data provided by external applications using the keying material
stored in the token. These abilities are defined as key management, object management, and cryptographic
capability.
Before a Luna CA
3
token can be used to perform any cryptographic or key/object management functions, the
token must receive a valid operator identity (also known as a user number), as well as a valid authentication
code. These two inputs are processed by the token during a "LOGIN" command. When this command has
completed successfully, the token allows the user to perform operations based on the policy settings defined for
that token.
The token has the ability to distinguish between two categories of users: super-users and normal users. The
super-user category is referred to as the Security Officer (SO) and the normal user category is referred to as the
user. A token can have only one SO. The SO is allowed to perform all of the cryptographic, key and object
management functions provided by the token, as well as a set of functions called the SO functions. These SO
functions are available only to the SO, and they allow the SO to manage the token policy.
For a Luna CA
3
token, there is no limit on the number of users that can be created by the SO. All users are
subjected to the same policy settings as those established by the SO. However, each user has his or her own
authentication code initially assigned under control of the SO, which is used internally to protect the data the user
owns.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
6 of 17
The Luna CA
3
token protects critical security parameters as defined by FIPS 140-1. For the purposes of a Luna
CA
3
token, Critical Security Parameters (CSPs) are the SO’s and users’ authentication codes. These CSPs can
only be exchanged with a Luna CA
3
token through a separate data port. Attached to this separate data port via
the PC Card reader is a PIN Entry Device or PED. With the PED, a user can store a pseudo randomly
generated authentication code on a Datakey serial memory key (Datakey device). To access the
cryptographic material on a Luna CA
3
token, a user needs the token, a PED, a card reader capable of supporting
communication between the token and the PED, and the Datakey devices containing the SO and/or user
authentication codes.
As per FIPS requirements, the Luna CA
3
token also enforces the use of a separate data port for input and output
of plain-text cryptographic key components and plain-text authentication data. The key cloning domain identifier
and M of N shares are plain-text cryptographic key components and, hence, are protected through the use of the
separate data port.
The Luna CA
3
token meets and is validated against FIPS 140-1 level 3 physical security requirements. For
example, one aspect of physical security is through tamper evidence provided by the case: an attacker cannot
get into the Luna CA
3
token and access plain-text keys in an operational state. Contact Chrysalis-ITS for more
details of the physical security used to protect the Luna CA
3
token.
3. SECURITY POLICY TOOLS
The Luna CA
3
token provides two levels of security policy enforcement. A vector that is loaded on the token
during manufacturing dictates the first level of security. This vector, called the Fixed Policy Vector (FPV),
establishes an envelope of security that cannot be modified after manufacturing.
The second level of security is provided by a policy vector that can be modified by the token's SO. This vector is
called the Token Policy Vector (TPV), and consists of a series of policy settings that can be established and
modified by the token’s legitimate SO.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
7 of 17
3.1. Fixed Policy Vector (FPV)
The FPV contains the settings necessary to enforce policy rules that apply across a wide range of token users,
regardless of their organizational policies. For example, one bit in the FPV defines whether the token can be
exported. In an exportable version, the token provides a reduced set of algorithms and imposes limitations on
maximum key lengths as required by export regulations.
The FPV cannot be modified by the SO or any of the users. The FPV is put on the token when it is manufactured
and remains in place until the token is destroyed or the firmware is erased. The integrity of the FPV is
maintained through the same mechanism used to protect the executable code from being modified. This
mechanism is a 32-bit Cyclic Redundancy Check (CRC) computation.
The format of the FPV is a 32-bit vector that is divided into four fields of eight bits. These fields and their
contents are defined in the following sections.
3.1.1. Number of SO Login Fails Allowed
This field defines the number of consecutive failed login attempts that can be made by the SO before the token
erases the flash memory to prevent illegal access to its contents.
This security measure prevents an impostor from cracking the SO’s authentication code on the token.
3.1.2. Secret Key Policy
The following table defines the flags that identify the security policies that are followed for secret key objects.
Name Description
FPV_SECRET_KEY_SENSITIVE This bit determines whether a secret key object must always be made
sensitive or if it can be determined by the high-level application using the
token. When this bit is set, all secret keys stored on the token are sensitive.
The keys are encrypted when in the flash memory and they can be
extracted only outside of the token in encrypted form using the
GESC_WRAP_KEY function.
This bit must be set for FIPS-compliant tokens.
FPV_SECRET_KEY_NO_CREATE This bit determines whether a secret key object can be created by an
external application using the token, instead of being generated by the
token. When this bit is set, an external application cannot create a secret
key on the token; it is not possible to enter a secret key in plain text form on
the token.
This bit must be set for FIPS-compliant tokens.
3.1.3. Private Key Policy
The following table defines the flags that identify the security policies that are followed for private key objects.
Name Description
FPV_PRIVATE_KEY_SENSITIVE This bit determines whether a private key object must always be made
sensitive or if it can be determined by the high-level application using the
token through PKCS#11. When this bit is set, all private keys stored on the
token must be flagged as sensitive whether or not the high-level application
requested this flag when the keys were created. When this bit is set, all
private keys are encrypted while stored in flash memory.
Note: After a private key is sensitive, it cannot be extracted from the token
even in encrypted format.
This bit must be set for FIPS-compliant tokens.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
8 of 17
Name Description
FPV_PRIVATE_KEY_NO_CREATE This bit determines whether a private key object can be created by an
external application using the GESC_CREATE_OBJ call, instead of being
generated by the token. When this bit is set, an external application cannot
create a private key on the token; it is not possible to enter a private key in
plain text form on the token.
This bit must be set for FIPS-compliant tokens.
3.1.4. Token Security Policy
The following table defines the flags that identify the security policies that dictate the behavior of the token in
general.
Name Description
FPV_DOMESTIC_FLAG This bit determines whether the token can be exported. When this bit is set,
the token is configured for the domestic market and cannot be exported.
This bit is verified internally every time a cryptographic function implying an
encryption or a decryption is performed. If the bit is set, no restrictions exist
on key sizes. If the bit is not set, a limitation of 56 bits is applied to any
symmetric keys used for encryption or decryption, and a 512-bit limitation
on asymmetric keys used for wrapping and unwrapping operations.
Signature and verification operations are not restricted in terms of key
lengths.
FPV_ENABLE_CLONING This bit determines whether sensitive objects on the token can be "cloned"
to another similarly enabled token. When this bit is set, cloning is enabled.
For a Luna CA3
token, this bit is set.
FPV_USE_CAV This bit is used by the firmware to determine if the CAV should be checked
to validate the desired algorithm. Normally, this bit is zero, which assumes
all algorithms are valid.
FPV_WRAPPING_TOKEN This bit determines whether RSA private keys can be wrapped. When this
bit is set, an RSA private key can be wrapped.
FPV_USE_M_OF_N This bit defines whether the token can perform M of N activation. When this
bit is set, the token can be configured to perform M of N activation. M of N
is a principal feature of a Luna CA3
token.
FPV_USE_RAW_RSA This bit determines whether RAW RSA operations can be performed on the
token. When this bit is set, RAW RSA operations are allowed. RAW RSA
provides access to RSA to perform encrypt and decrypt operations on data
without any padding.
FPV_SPECIAL_CLONING This bit determines whether the token allows the factory-default Chrysalis-
ITS key cloning certificate to be modified. When this bit is set, customers
can create their own key cloning certificate. This capability is provided by
default on a Luna CA3
token.
FPV_ENABLE_CCM This bit determines whether a custom command module can be loaded
onto the token. When this bit is set, a custom command module can be
loaded onto the token.
This bit must be cleared (i.e., zero) for FIPS-compliant tokens.
FPV_CCM_PRESENT_FWUPDATE This bit determines whether a custom command module must be present
before a firmware update operation is allowed to proceed. When this bit is
set, a Custom Command Module (CCM) must be loaded on the token to
perform a firmware update. Additionally, the CCM must implement the
PreModuleUpdate function.
This bit is clear and does not apply to Luna CA3
tokens.
FPV_FORCE_RSA_BLINDING This bit determines whether the token must perform blinding, which
introduces a random element to the time needed to complete an RSA
operation. Blinding defeats timing attacks on an RSA operation. If this bit
is set, the token will always use RSA blinding (the
TPV_FORCE_RSA_BLINDING bit will have no effect).
FPV_PIN_MUST_USE_SP This bit determines if the serial communication port must be used to enter
an authentication code. When this bit is set, an authentication code can
only be entered through the serial communication port. When this bit is
cleared, authentication codes are entered via the host computer. Use of
the serial communication port is a principal feature of a Luna CA3
token.
This bit must be set for FIPS 140-1 level 3-compliant tokens.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
9 of 17
Name Description
FPV_MOFN_MUST_USE_SP This bit determines if the serial communication port must be used to enter
the M of N secret. When this bit is set, the M of N secret can only be
entered through the serial communication port. When this bit is cleared,
the M of N secret is entered via the host computer. Use of the serial
communication port is a principal feature of a Luna CA3
token.
This bit must be set for FIPS 140-1 level 3-compliant tokens.
FPV_KCV_MUST_USE_SP This bit determines if the serial communication port must be used to enter
the key cloning domain identifier. When this bit is set, the key cloning
domain identifier can only be entered through the serial communication
port. When this bit is cleared, the key cloning domain identifier is entered
via the host computer. Use of the serial communication port is a principal
feature of a Luna CA3
token.
This bit must be set for FIPS 140-1 level 3-compliant tokens.
3.2. Token Policy Vector (TPV)
The TPV contains the settings necessary to enforce policy rules locally in an organization. For example, one bit
in the TPV defines whether the token can perform a signature operation using a signing key generated by an
outside process or if it must use an internally generated key for this function. The TPV can be modified by the
token’s SO. The TPV contents are used by the internal code to validate the operations performed by the token’s
USER.
The format of the TPV is a 32-bit vector that is divided into four fields of eight bits. These fields and their
contents are defined in the following sections.
3.2.1. Number of User Login Fails Allowed
This field defines the number of consecutive failed login attempts that can be made by a USER before the USER
gets locked out or the USER’s data is erased. This security feature prevents illegal access to the USER’s data
and keys: it prevents an impostor from cracking the USER’s authentication code on the token. Whether the user
is locked out or the data is erased depends upon the "USER zeroize" bit. If the USER zeroize bit is disabled, too
many failed login attempts results in the USER getting locked out. In this case, the USER’s identity and private
data (including key material) are erased from the token. The SO must create a new user in order to continue.
The new user will have no association with the previous (deleted) user.
3.2.2. Minimum/Maximum Authentication Code Length
These two fields define the minimum and maximum length restrictions for a USER's authentication code.
3.2.3. Local Policies
The following table defines the flags that identify the security policies that dictate the behavior of the users on the
token.
Name Description
TPV_USER_ZEROIZE This bit determines whether the token can be zeroized by a normal user or if only
the token's SO can zeroize the token.
This bit indicates whether the token is centrally controlled.
When this bit is set, it indicates that a valid token user can zeroize the token. This bit
enables using the token in an environment where the SO is not commonly used.
When this bit is set, the SO cannot change a user password, and a user is zeroized
after too many unsuccessful login attempts.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
10 of 17
Name Description
TPV_USER_FW_UPDATE This bit determines whether the firmware can be updated by a normal user or if only
the token’s SO can update the firmware. When this bit is set, a normal user can
perform the firmware update.
TPV_M_OF_N_ACTIVATION This bit determines whether M of N activation is required for a user to gain access to
the token. When this bit and the FPV_SECURITY_POLICY_USE_M_OF_N bit are
the FPV is set, the token is not activated until the required number of parts to a split
secret has been entered.
TPV_KEY_ATTRIB_LOCK This bit determines whether the flag attributes of a key can be modified once the key
is a valid object on the token. When this bit is set, it indicates that the flag attributes
of a key cannot be modified after they have been established. For example, if this bit
is set and a DES key is created for encryption and decryption, these attributes
cannot be changed to wrap and unwrap once the key exists on the token.
TPV_KEY_SINGLE_FUNCTION This bit determines whether a key can be used to perform multiple types of
operations (i.e., use a key for encrypting, signing, and wrapping). When this bit is
set, it indicates that keys can be used only to perform single functions. For
symmetric keys, a single function is considered to be a pair of related functions such
as encryption/decryption, wrapping/unwrapping, or sign/verify. With the validated
release of Luna CA3
, multiple use of a key is allowed regardless of the value of
TPV_KEY_SINGLE_FUNCTION.
TPV_SIGNING_KEY_LOCAL When performing a signing operation, the private key used may have been
generated locally or provided by an external source. In most environments, it is
preferable to have the signing/verifying key pair generated by the token and never
extracted from it. However, in certain cases the signing keys are generated
externally and loaded on the token for subsequent signature operations. When this
bit is set, it indicates that externally generated keys cannot be used for signing
operations performed by the token.
TPV_FORCE_RSA_BLINDING This bit determines whether the token must perform blinding on RSA operations. If
the FPV_FORCE_RSA_BLINDING bit is on, RSA blinding is performed on the token
regardless of this TPV bit. However, if the FPV_FORCE_RSA_BLINDING bit is
clear, the TPV_FORCE_RSA_BLINDING bit determines if the token will use RSA
blinding. When the bit is set, blinding is performed.
TPV_DISABLE_CLONING_BY_USER This bit determines whether a user or both a user and the token's SO are permitted
to clone sensitive objects when the FPV_SECURITY_POLICY_ENABLE_CLONING
bit is set. If the FPV_SECURITY_POLICY_ENABLE_CLONING bit is clear, no
cloning is permitted and the TPV_DISABLE_CLONING_BY_USER bit has no effect
regardless of its value. When TPV_DISABLE_CLONING_BY_USER is clear, both a
user and the token's SO are permitted to clone sensitive objects. When the bit is
set, only the token's SO is permitted to clone sensitive objects.
4. IDENTIFICATION AND AUTHENTICATION (I&A)
The Luna CA
3
token enforces an identity-based user authentication policy. For normal users, the user number
and a valid authentication code (e.g., the data stored on a Datakey device) must be provided to the token before
access to private data and token services can be granted. For the SO, only a valid authentication code is
required.
Note: Normal users also have a text-based name associated with them. The name corresponding to a
particular user number can be queried from the token.
The authentication codes for the SO and users can be changed at any time by their respective owners. The SO
can also re-instate users with lost authentication codes. Re-instating users does not affect the cryptographic
material and data owned by the user and protected under the old authentication code.
The Luna CA
3
token implements policy that limits the number of login attempts. This feature prevents an
exhaustive search approach for finding the authentication code of the SO or user. The implementation of this
feature differs from that of an SO authentication code search and that of a user authentication code search.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
11 of 17
For a user authentication code search:
• If “n” consecutive user logon attempts fail, the token flags the event in the user’s authorization
vector (UAV). This erases the user’s profile and private data from the token. The SO must
create a new user; the new user will have no association with the deleted user. (The value of "n"
is defined by the SO in the TPV.)
For an SO authentication code search:
• If “n” consecutive SO logon attempts fail, the token is zeroized and its operational state goes to
ZEROIZED. (The value of "n" is defined in the FPV, which is defined when a Luna CA
3
token is
manufactured and cannot be modified without invalidating the CRC value of the software load.)
4.1. High Availability Recovery Support
Luna CA
3
provides an indirect login mechanism to support a capability for high availability recovery between two
Luna CA
3
devices. It permits a backup Luna CA
3
device to share a common authentication state with the
primary device within a given domain in order to allow automatic recovery of operations via the backup device in
the event a primary device failure.
5. DISCRETIONARY ACCESS CONTROL (DAC)
Every data object on the token can be public or private. Private data objects are labeled with a number that
corresponds to the owner and can be accessed only by the legitimate owner. A user cannot create a key or
certificate object as a public object. Only data objects can be public or private.
The token does not allow for any granularity of ownership other than that of individual or public (i.e., a data object
cannot be owned by two users and restricted from other users). Also, the ownership of an object implies
read/write/modify/execute access to the object, which means full access rights to the object.
6. M OF N ACTIVATION
Luna CA
3
supports a token activation feature called M of N. The concept of the M of N activation capability
provides protection of a secret by "splitting" it into "N" pieces, where any "M" of these pieces must be
reassembled to reconstruct the original secret. The Luna CA
3
feature is based on Shamir’s threshold scheme.
This scheme allows a secret value to be shared by "n" external recipients without risking any compromise to the
secret.
Initialization for M of N activation must be performed when there are no permanent sensitive objects stored on
the token. Otherwise, there is a risk of corrupting objects stored in flash prior to generating the M of N set or
after “deactivating” the feature. Management of M of N activation is an operational issue for the SO.
The M of N secret splits may be shared by more than one token within a domain. This capability must be
invoked at the time of initialization. This same capability may be used to duplicate the M of N secret splits for
backup purposes.
Note that for M of N activation to be effective, the values of M and N should be two or greater. Consider, for
example, a 1 of 1 share to be of little value in securing activation of a token.
7. OBJECT REUSE
The token enforces an object reuse policy in that every object is allocated a portion of memory (flash or SRAM).
The policy also ensures that no other objects are placed in the same memory location unless all previous
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
12 of 17
memory content are initialized and purged. When cryptographic functions are performed, a cryptographic
context is created to hold data required by the function (e.g., a DES key schedule for a DES function or an MD5
chaining vector). The cryptographic context only exists in SRAM memory and is not assigned to any functions
except those defined by its owner. The memory assigned to a cryptographic context is always purged of its
content before being handed over to a function.
8. NOTES
Datakey is a registered trademark of Datakey, Inc.
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
13 of 17
APPENDIX A. Cryptographic Algorithms Support
Encrypt/Decrypt:
• DES-ECB
• DES-CBC
• 3-DES-ECB
• 3-DES-CBC
• RC2-ECB
• RC2-CBC
• RC4
• RC5-ECB
• RC5-CBC
• CAST-ECB
• CAST-CBC
• CAST3-ECB
• CAST3-CBC
• CAST5-ECB
• CAST5-CBC
• RSA X-509
Digest:
• MD2
• MD5
• SHA-1
Sign/Verify:
• RSA-1024
• RSA-2048
• RSA-4096
• DSA
• DES-MAC
• 3-DES-MAC
• RC2-MAC
• RC5-MAC
• CAST-MAC
• CAST3-MAC
• CAST5-MAC
• SSL3-MD5-MAC
• SSL3-SHA1-MAC
• HMAC-SHA1
• HMAC-MD5
Generate Key:
• DES
• double length DES
• triple length DES
• RC2
• RC4
• RC5
• CAST
• CAST3
• CAST5
• PBE-MD2-DES
• PBE-MD5-DES
• PBE-MD5-CAST
• PBE-MD5-CAST3
• PBE-SHA-1-CAST5
• GENERIC-SECRET
• SSL PRE-MASTER
Generate Key Pair:
• RSA-1024
• RSA-2048
• RSA-4096
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
14 of 17
• DSA-1024
• DH-1024
• DH-2048
Wrap Symmetric Key Using Symmetric Algorithm:
• DES-ECB
• 3-DES-ECB
• RC2-ECB
• CAST-ECB
• CAST3-ECB
• CAST5-ECB
Wrap Symmetric Key Using Asymmetric Algorithm:
• RSA-1024
• RSA-2048
• RSA-4096
Wrap Asymmetric Key Using Symmetric Algorithm:
• 3-DES-CBC1
Unwrap Symmetric Key With Symmetric Algorithm:
• DES-ECB
• 3-DES-ECB
• RC2-ECB
• CAST-ECB
• CAST3-ECB
• CAST5-ECB
Unwrap Symmetric Key With Asymmetric Algorithm:
• RSA-1024
• RSA-2048
• RSA-4096
Unwrap Asymmetric Key With Symmetric Algorithm:
• DES-CBC
• 3-DES-CBC
• CAST-CBC
• CAST3-CBC
• CAST5-CBC
Derive Key Value:
• DH-1024
• DH-2048
• concatenate Base & Key
• concatenate Base & Data
• concatenate Data & Base
• XOR Base and Data
• Extract Key from Key
• MD2 Derivation
• MD5 Derivation
• SHA-1 Derivation
• SSL3-Master
• SSL3-Key & MAC
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
15 of 17
APPENDIX B. Fixed Policy Vector Settings
Standard
Luna CA
Domestic
Standard
Luna CA
Export
Token Policy Vector Settings
TPV_USER_ZEROIZE 1 1
TPV_USER_FW_UPDATE 0 0
TPV_M_OF_N_ACTIVATION 0 0
TPV_KEY_ATTRIB_LOCK 1 1
TPV_KEY_SINGLE_FUNCTION 0 0
TPV_SIGNING_KEY_LOCAL 0 0
TPV_MAX_PIN_LEN 48 48
TPV_MIN_PIN_LEN 4 4
TPV_LOGIN_FAILS_ALLOWED 10 10
TPV_DISABLE_CLONING_BY_USER 0 0
Fixed Policy Vector Settings
FPV_SECURITY_POLICY_DOMESTIC 1 0
FPV_SECURITY_POLICY_ENABLE_CLONING 1 1
FPV_SECURITY_POLICY_USE_CAV 0 0
FPV_SECURITY_POLICY_WRAPPING_TOKEN 0 0
FPV_SECURITY_POLICY_USE_M_OF_N 1 1
FPV_SECURITY_POLICY_USE_RAW_RSA 1 1
FPV_SECURITY_POLICY_SPECIAL_CLONING 1 1
FPV_ENABLE_CCM 0 0
FPV_SEC_KEY_POLICY_SENSITIVE 1 1
FPV_SEC_KEY_POLICY_NO_CREATE 1 1
FPV_PRI_KEY_POLICY_SENSITIVE 1 1
FPV_PRI_KEY_POLICY_NO_CREATE 1 1
FPV_SO_LOGIN_FAILS_ALLOWED 3 3
FPV_PIN_MUST_USE_SP 0 0
FPV_MOFN_MUST_USE_SP 0 0
FPV_KCV_MUST_USE_SP 0 0
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
16 of 17
APPENDIX C. Session And Login States Required For Luna Commands
Command
To
Module
No
Session
Open
Session
Open, No
Login
SO
Logged
On
User
Logged
On
Token Main Module Commands
LUNA_ZEROIZE √
LUNA_INIT_TOKEN √
LUNA_GET √
LUNA_GET_USV √
LUNA_SET_TPV √
LUNA_FW_UPDATE √
LUNA_CONFIGURE_SP √
Session Manager Commands
LUNA_OPEN_ACCESS √
LUNA_CLEAN_ACCESS √
LUNA_CLOSE_ACCESS √
LUNA_GET_ALL_ACCESSES √
LUNA_OPEN_SESSION √
LUNA_CLOSE_SESSION √
LUNA_CLOSE_ALL_SESSIONS √
LUNA_GET_SESSION_INFO √
LUNA_EXTRACT_CONTEXTS √
LUNA_INSERT_CONTEXTS √
User Module Commands
LUNA_GET_USER_LIST √
LUNA_GET_USER_NAME √
LUNA_LOGIN √
LUNA_LOGOUT √
LUNA_SET_PIN √
LUNA_INIT_PIN √
LUNA_CREATE_USER √
LUNA_DELETE_USER √
Object Management Module
LUNA_CREATE_OBJECT √
LUNA_COPY_OBJECT √
LUNA_DESTROY_OBJECT √
LUNA_GET_OBJECT_SIZE √
LUNA_GET_ATTRIBUTE_VALUE √
LUNA_GET_ATTRIBUTE_SIZE √
LUNA_MODIFY_OBJECT √
LUNA_FIND_OBJECTS √
Random Number Generator Module
LUNA_GET_RANDOM √
LUNA_SEED_RANDOM √
Key Management Module
LUNA_GENERATE_KEY √
LUNA_GENERATE_KEY_W_VALUE √
LUNA_GENERATE_KEY_PAIR √
LUNA_WRAP_KEY √
LUNA_UNWRAP_KEY √
LUNA_UNWRAP_KEY_W_VALUE √
LUNA_DERIVE_KEY √
LUNA_DERIVE_KEY_W_VALUE √
LUNA_MFG_LOAD √
Cryptographic Algorithm Module
LUNA_ENCRYPT_INIT √
LUNA_ENCRYPT_INIT_W_VALUE √
LUNA_ENCRYPT_INIT √
Document Number
CR-0782
Change Level
7
Security Level
None
Page Number
17 of 17
Command
To
Module
No
Session
Open
Session
Open, No
Login
SO
Logged
On
User
Logged
On
LUNA_ENCRYPT_INIT_W_VALUE √
LUNA_ENCRYPT √
LUNA_ENCRYPT_FIFO √
LUNA_ENCRYPT_END √
LUNA_DECRYPT_INIT √
LUNA_DECRYPT_INIT_W_VALUE √
LUNA_DECRYPT √
LUNA_DECRYPT_FIFO √
LUNA_DECRYPT_END √
LUNA_DECRYPT_RAW_RSA √
LUNA_DIGEST_INIT √
LUNA_DIGEST √
LUNA_DIGEST_FIFO √
LUNA_DIGEST_KEY √
LUNA_DIGEST_KEY_VALUE √
LUNA_DIGEST_END √
LUNA_SIGN_INIT √
LUNA_SIGN_INIT_W_VALUE √
LUNA_SIGN √
LUNA_SIGN_FIFO √
LUNA_SIGN_END √
LUNA_SIGN_SINGLEPART √
LUNA_SIGN_UPDATE_KEY √
LUNA_SIGN_FINAL_DERIVE_KEY √
LUNA_VERIFY_INIT √
LUNA_VERIFY_INIT_W_VALUE √
LUNA_VERIFY √
LUNA_VERIFY_FIFO √
LUNA_VERIFY_END √
LUNA_VERIFY_SINGLEPART √
LUNA_GET_MECH_LIST √
LUNA_GET_MECH_INFO √
LUNA_SELF_TEST √
LUNA_SET_UP_MASKING_KEY √
LUNA_CLONE_AS_SOURCE √
LUNA_CLONE_AS_TARGET_INIT √
LUNA_CLONE_AS_TARGET √
LUNA_GEN_TKN_KEYS √
LUNA_LOAD_CERT √
LUNA_GEN_KCV √
LUNA_LOAD_CUSTOMER_VERIFICATION_KEY √
LUNA_M_OF_N_GENERATE √
LUNA_M_OF_N_ACTIVATE √
LUNA_M_OF_N_MODIFY √
Special Packet Processing Commands
LUNA_IPSEC_INIT_NO_USER √
LUNA_IPSEC_PROCESS_PACKET √
LUNA_IPSEC_END √
LUNA_GEN_CRC32 √
LUNA_SCP_TEST √