© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
| Name | Algorithm | Size | Description | Origin | Storage | Zeroization |
|---|---|---|---|---|---|---|
| DRBG V | SP 800-90 | 256 bits | This is the seed key for SP 800-90 DRBG. | Generated from entropy source via the CTR_DRBG derivation function | DRAM (plaintext) | Power cycle the device |
| Diffie Hellman shared secret | DH | 1024-4096 bits | This is the shared secret agreed upon as part of DH exchange | N/A | DRAM (plaintext) | Zeroized upon deletion |
| Diffie Hellman private exponent | DH | 1024-4096 bits | The private exponent used in Diffie-Hellman (DH) exchange. | Generated using FIPS approved DRBG | DRAM (plaintext) | Automatically after shared secret generated. |
| SSH keys/CSPs | | | | | | |
| SSH Private key | RSA | 1024-2048 bits | This is the SSH private key used to authenticate the module | Generated or entered like any RSA key | NVRAM (plaintext) | Zeroized by either deletion (via `# crypto key zeroize rsa`) or by overwriting with a new value of the key |
| SSH session key | Triple-DES/AES | 3-key Triple-DES; 128/192/256-bit AES keys | This is the symmetric SSH key used to protect SSH session | Created as part of SSH session set-up | DRAM (plaintext) | Zeroized automatically when SSH session is closed |

Table 8 Cryptographic Keys and CSPs
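The zeroization column of Table 8 names two ways key material stops existing in the module: automatic overwrite when a session closes (SSH session key) and explicit overwrite with a new value (SSH RSA key). The following is an added illustration of those two lifecycle paths, not Cisco IOS code; it holds key material in a mutable buffer so it can be overwritten in place, uses `secrets.token_bytes` as a stand-in for the module's DRBG, and also shows the failure mode a reviewer looks for: an immutable copy of the key that no zeroization can reach.

```python
"""Zeroization lifecycle helpers (added example; not the router's own code).

Key material lives in a bytearray so that zeroization can overwrite the same
buffer instead of allocating a new one. secrets.token_bytes stands in for the
module's approved DRBG; the "NVRAM" key below is a constructed value.
"""
import secrets
from contextlib import contextmanager


def zeroize(buf: bytearray) -> None:
    """Overwrite every byte of the buffer in place (same object, all zeros)."""
    buf[:] = bytes(len(buf))


def is_zeroized(buf) -> bool:
    """True when no byte of the buffer is non-zero."""
    return not any(buf)


@contextmanager
def session_key(nbytes: int):
    """Yield a fresh symmetric session key and zeroize it when the session
    closes, whether the block exits normally or through an exception."""
    key = bytearray(secrets.token_bytes(nbytes))  # DRBG stand-in (constructed)
    try:
        yield key
    finally:
        zeroize(key)  # "Zeroized automatically when SSH session is closed"


def overwrite_with_new_key(buf: bytearray) -> None:
    """The second zeroization path in the RSA row: overwrite the stored key
    with a new value in place, so the previous key no longer exists."""
    buf[:] = secrets.token_bytes(len(buf))


def demo(nbytes: int = 32) -> dict:
    """Exercise each lifecycle path and report what a reviewer would check."""
    results = {}

    # 1. Session key zeroized automatically when the session closes.
    with session_key(nbytes) as key:
        held = key           # reference to the live buffer
        leaked = bytes(key)  # immutable copy: nothing can overwrite it later
        results["key_len"] = len(key)
    results["zeroized_after_close"] = is_zeroized(held)
    results["immutable_copy_still_holds_key"] = not is_zeroized(leaked)

    # 2. Zeroization must also happen when the session is torn down by an error.
    try:
        with session_key(nbytes) as key:
            held = key
            raise RuntimeError("session aborted")
    except RuntimeError:
        pass
    results["zeroized_after_abort"] = is_zeroized(held)

    # 3. Long-lived key (simulated NVRAM), zeroized by overwriting with a new value.
    stored = bytearray(secrets.token_bytes(nbytes))
    previous = bytes(stored)
    overwrite_with_new_key(stored)
    results["old_key_gone_after_overwrite"] = bytes(stored) != previous
    results["new_key_present_after_overwrite"] = not is_zeroized(stored)

    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The third check is the reason the table distinguishes "overwriting with a new value" from deletion: the storage is never empty, but the old key is unrecoverable from it. The `immutable_copy_still_holds_key` result is the caveat for any garbage-collected language: code that converts the buffer to `bytes`, logs it, or lets it be copied has created material the zeroization routine cannot reach.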
2.7 Self-Tests

In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to ensure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operation.
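The self-tests this section lists are of two kinds: known-answer tests (an algorithm is run on a fixed input and its output compared against a published answer) and a software/firmware integrity test (the image is checked against a stored value before the module offers any service). The following is an added example of a power-on self-test runner built on that pattern; it is not the router's own code. To stay within the Python standard library it uses published SHA-256 and HMAC-SHA-256 known answers; AES and RSA known-answer tests follow the same shape with their own published vectors. The "firmware image", its integrity key and its stored HMAC are constructed for the demo.

```python
"""Power-on self-test (POST) runner (added example; not Cisco IOS code).

Each test returns True/False. run_post() executes every test, and if any
fails it raises SelfTestError naming the failures, which is the point at
which a module refuses cryptographic services until a restart passes POST.
"""
import hashlib
import hmac


class SelfTestError(RuntimeError):
    """Raised when any POST fails; the module must enter an error state."""


# Published known answers: SHA-256("abc") from the FIPS 180-4 examples and a
# widely published HMAC-SHA-256 test value.
SHA256_KAT = (
    b"abc",
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
)
HMAC_SHA256_KAT = (
    b"key",
    b"The quick brown fox jumps over the lazy dog",
    "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8",
)


def sha256_kat() -> bool:
    """Known-answer test: fixed input, output compared to the published digest."""
    msg, expected = SHA256_KAT
    return hmac.compare_digest(hashlib.sha256(msg).hexdigest(), expected)


def hmac_sha256_kat() -> bool:
    """Known-answer test for the keyed primitive used by the integrity check."""
    key, msg, expected = HMAC_SHA256_KAT
    actual = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed stand-ins for the image and its build-time integrity value. In a
# real module the stored value is produced when the image is built and the
# verification key is protected; here both are fixed in the example.
IMAGE_HMAC_KEY = b"constructed-integrity-key"
FIRMWARE_IMAGE = b"constructed firmware image bytes v1.0"
STORED_IMAGE_HMAC = hmac.new(IMAGE_HMAC_KEY, FIRMWARE_IMAGE, hashlib.sha256).digest()


def software_integrity_test(image: bytes = FIRMWARE_IMAGE) -> bool:
    """Software/firmware test: recompute the image HMAC and compare in
    constant time against the stored value."""
    actual = hmac.new(IMAGE_HMAC_KEY, image, hashlib.sha256).digest()
    return hmac.compare_digest(actual, STORED_IMAGE_HMAC)


# Primitive KATs run first so that the integrity test relies only on a
# primitive that has already been verified.
POST_TESTS = [
    ("SHA-256 KAT", sha256_kat),
    ("HMAC-SHA-256 KAT", hmac_sha256_kat),
    ("software/firmware integrity", software_integrity_test),
]


def run_post(tests=None) -> dict:
    """Run every test and return {name: passed}. All tests run before the
    error is raised, so the failure report names every failing test."""
    results = {name: bool(fn()) for name, fn in (tests or POST_TESTS)}
    failed = [name for name, ok in results.items() if not ok]
    if failed:
        raise SelfTestError("POST failed: " + ", ".join(failed))
    return results


if __name__ == "__main__":
    print(run_post())  # same function serves the periodic (conditional) re-run
```

Two design points carry over to a real module. The comparisons use `hmac.compare_digest` rather than `==`, so neither the KAT nor the integrity check leaks how many leading bytes matched. And the runner raises only after every test has executed, which matters for field diagnosis: an operator seeing "POST failed" needs to know which test failed, and a runner that stops at the first failure hides the rest.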
2.7.1 Self-tests performed by the IOS image

• IOS Self Tests
  o POST tests
    - AES Known Answer Test
    - RSA Signature Known Answer Test (both signature/verification)
    - Software/firmware test