Key strength and key wrapping

Edit online

Key strength is measured as bits of security as described in the documentation of NIST and other organizations. Each individual key will have its bits of security computed, then the different key types (AES, DES, ECC, RSA, HMAC) can have their relative strengths compared on a single scale. When the raw value of a particular key falls between discrete values of the NIST table, the lower value from the table is used as the bits of security.

Table 1 and Table 2 show some examples of the restrictions due to key strength.

Table 1. AES EXPORTER strength required for exporting an HMAC key under an AES EXPORTER key
Key-usage field 2 in the HMAC key	Minimum strength of AES EXPORTER key to adequately protect the HMAC key
SHA-256, SHA-384, SHA-512	256 bits
SHA-224	192 bits
SHA-1	128 bits

Table 2. Minimum RSA modulus length to adequately protect an AES key
Bit length of AES key to be exported	Minimum strength of RSA wrapping key to adequately protect the AES key
128	3072
192	7860
256	15360

Note: At the time of writing, CCA supports RSA keys up to 4096 bits.