Enterprise PKCS #11 coprocessors are designed
to always operate in a FIPS compliant fashion. There are four optional
compliances modes that a given domain can be in. The FIPS modes correspond
to the FIPS 140-2 requirements as of 2009 and 2011. The BSI modes
correspond to the BSI HSM protection profile, and German Bundesnetzagentur
algorithms as of 2009 and 2011.
These compliance modes are not mutually exclusive and are set
ON by disabling certain access control points:
- FIPS 2009 – Card adheres to FIPS restrictions that
went into effect in 2009 – equivalent to ICSF’s FIPS140
mode. This is the default mode. A domain cannot be set to be less
restrictive than this mode. This mode has the following policy/restrictions:
- Algorithms and keys below 80-bit of strength are not permitted.
- RSA private-keys may not be use without padding.
- Newly generated asymmetric keys always undergo selftests.
- The minimum keysize on HMAC is 1/2 the algorithm's output size.
- Only FIPS-approved algorithms (as of 2009) are present.
- FIPS 2011 – Card adheres to FIPS restrictions that
went into effect in 2011. (More restrictive than FIPS 2009.) The following
access control points would need to be disabled:
- Allow 80 to 111-bit algorithms.
- Allow non-FIPS-approved algorithms (as of 2011).
- Allow RSA public exponents below 0x10001.
- BSI 2009 – Card adheres to BSI restrictions that
went into effect in 2009. The following access control point would
need to be disabled:
- Allow keywrap without attribute-binding.
- Allow non-BSI-approved algorithms (as of 2009).
- BSI 2011 – Card adheres to BSI restrictions that
went into effect in 2011. (More restrictive than BSI 2009.) The following
access control points would need to be disabled:
- Allow keywrap without attribute-binding.
- Allow 80 to 111-bit algorithms.
- Allow non-BSI-approved algorithms (as of 2011).
Whenever a secure key is created, the current compliance mode of
the Enterprise PKCS #11 coprocessor is recorded inside the secure
key. If the compliance mode of the coprocessor is subsequently changed,
all previously created secure keys become unusable until their compliance
modes are updated. See Steps for running the pre-compiled version of testpkcs11 for
information on how to modify the compliance mode of a secure key using
a sample program distributed by IBM. The compliance mode of a key
may also be updated by using the PKCS #11 Token Browser ISPF panels.
See the z/OS Security Server RACF Security Administrator's Guide for
more information on these panels.