Key strength is measured in bits of security, as described in the publications of NIST and other standards organizations. The bits of security of each individual key are computed first; the different key types (AES, DES, ECC, RSA, HMAC) can then have their relative strengths compared on a single scale. When the raw strength of a particular key falls between two discrete values in the NIST table, the lower value from the table is used as its bits of security.

Table 1 and Table 2 show some examples of the restrictions that result from key strength.
Table 1. AES EXPORTER strength required for exporting an HMAC key under an AES EXPORTER key

| Key-usage field 2 in the HMAC key | Minimum strength of AES EXPORTER key to adequately protect the HMAC key |
|---|---|
| SHA-256, SHA-384, SHA-512 | 256 bits |
| SHA-224 | 192 bits |
| SHA-1 | 128 bits |
Table 2. Minimum RSA modulus length to adequately protect an AES key

| Bit length of AES key to be exported | Minimum strength of RSA wrapping key to adequately protect the AES key |
|---|---|
| 128 | 3072 |
| 192 | 7860 |
| 256 | 15360 |
Note: At the time of writing, CCA supports RSA keys up to 4096 bits.
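The following is an added example, not CCA code or part of the original page, showing how the rounding-down rule and the two tables above combine into a wrapping-strength check. RSA thresholds at 3072 bits and above are taken from Table 2 as printed; the lower rungs of the RSA ladder (1024 bits for 80-bit and 2048 bits for 112-bit security) follow NIST SP 800-57 Part 1 and are assumptions for illustration. Function and constant names are illustrative and not CCA API names. Running it shows the practical effect of the note above: a 4096-bit RSA key rounds down to 128 bits of security and therefore adequately protects only an AES-128 key.

```python
# Added example (not CCA code): map raw key sizes onto the discrete
# bits-of-security scale, rounding down as described on the page, then
# check whether a wrapping key is strong enough for the key it protects.
import bisect

# (key size in bits, bits of security), ascending. Values from 3072 up are
# Table 2 on the page; 1024 -> 80 and 2048 -> 112 are assumed from NIST SP 800-57.
RSA_LADDER = [(1024, 80), (2048, 112), (3072, 128), (7860, 192), (15360, 256)]
AES_LADDER = [(128, 128), (192, 192), (256, 256)]

# Table 1 on the page: minimum AES EXPORTER strength keyed by the HMAC key's
# key-usage field 2 (hash algorithm).
HMAC_WRAP_MINIMUM = {
    "SHA-1": 128,
    "SHA-224": 192,
    "SHA-256": 256,
    "SHA-384": 256,
    "SHA-512": 256,
}


def bits_of_security(key_type, size_bits):
    """Return the rated strength of a key, rounding down to the nearest
    tabulated size when size_bits falls between two rungs of the ladder."""
    ladder = {"RSA": RSA_LADDER, "AES": AES_LADDER}[key_type]
    sizes = [s for s, _ in ladder]
    idx = bisect.bisect_right(sizes, size_bits) - 1
    if idx < 0:
        return 0  # smaller than the smallest tabulated size: no rated strength
    return ladder[idx][1]


def can_rsa_wrap_aes(rsa_modulus_bits, aes_key_bits):
    """True when the RSA wrapping key is at least as strong as the AES key."""
    return bits_of_security("RSA", rsa_modulus_bits) >= bits_of_security("AES", aes_key_bits)


def can_aes_wrap_hmac(aes_exporter_bits, hmac_hash):
    """True when the AES EXPORTER meets the Table 1 minimum for this HMAC hash."""
    return bits_of_security("AES", aes_exporter_bits) >= HMAC_WRAP_MINIMUM[hmac_hash]


if __name__ == "__main__":
    # 4096 lies between the 3072 and 7860 rungs, so it rounds down to 128 bits.
    print("RSA-4096 rated strength:", bits_of_security("RSA", 4096))
    for aes_bits in (128, 192, 256):
        print(f"RSA-4096 can wrap AES-{aes_bits}:", can_rsa_wrap_aes(4096, aes_bits))
    print("AES-192 EXPORTER can wrap HMAC-SHA-256:", can_aes_wrap_hmac(192, "SHA-256"))
```

The ladders are plain sorted lists so that a key of any size is placed by binary search rather than by exact lookup; that is what makes the rounding-down rule explicit in code instead of implicit in a table of only the standard sizes.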