Page 10 of 17
© Copyright 2006 Lexmark International Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
RSA Private Key | 1024-bit RSA private key (80 bits of security) | Internally generated using PKCS#1 key generation mechanism | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Key transport
Integrity Check Keys | HMAC keys | Externally generated, hard coded in the module | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Firmware Integrity test
X9.31 PRNG | 2-key TDES keys, 8 bytes of seed value | Internally generated | Held in volatile memory only in plaintext. Zeroized on reboot. | RNG
Table 5 – Listing of Key and Critical Security Parameters
Access Control Policy
User functionalities have read/write access to the AES Session Key and RSA
public key. The AES Session Key is used to decrypt the data for printing. The RSA
public key is used for AES Session Key transport. Integrity Check Keys can be read by
the Crypto-Officer “Run Self-Test” service.
Key Generation
The module key, generated internally, is a 1024-bit RSA key pair produced using
PKCS#1-compliant key generation techniques. The FIPS-approved X9.31 Appendix
A.2.4 PRNG is used to seed the RSA key generation mechanism. The AES Session Key is
generated outside of the module and imported via RSA key transport.
Key Storage
The AES Session Key is held in volatile memory only in plaintext. The RSA
public key is stored in flash memory in an X.509 certificate in plaintext, and the
RSA private key is stored in flash memory in plaintext.
Key Entry and Output
All keys that are entered into (AES key) or output from (RSA certificate) the
module are electronically entered or output. The AES Session Key enters the
module transported (encrypted) under the RSA public key.
Key Zeroization
The AES Session Key is an ephemeral key which is zeroized after the connection is
closed or by rebooting the module. The module provides no service to erase or
discard the RSA key pair. The key pair is erased by overwriting the flash image
with a new image.
Self-Tests
The PrintCryption module runs power-up and conditional self-tests to verify that
it is functioning properly. Power-up self-tests are performed during startup of the
module, and conditional self-tests are executed whenever specific conditions are
met.
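The sketch below is an added example, not Lexmark's code: it models the power-up firmware integrity test with a hard-coded HMAC key and the zeroization of the ephemeral AES Session Key when a connection closes. The class name, key bytes, firmware bytes, the choice of HMAC-SHA-256 and the error state entered on a failed test are assumptions; the page does not specify them.

```python
import hashlib
import hmac

# Constructed stand-ins: the real key, hash choice and image layout are not on the page.
INTEGRITY_KEY = b"constructed-hard-coded-hmac-key"
FIRMWARE_IMAGE = b"\x7fFIRMWARE" + bytes(range(256)) * 4
EXPECTED_TAG = hmac.new(INTEGRITY_KEY, FIRMWARE_IMAGE, hashlib.sha256).digest()


class ModuleSketch:
    """Hypothetical model of the power-up integrity test and session-key lifetime."""

    def __init__(self, image: bytes, expected_tag: bytes):
        self.image = image
        self.expected_tag = expected_tag
        self.state = "uninitialized"
        self.session_key = None  # ephemeral, held in volatile memory only

    def power_up(self) -> bool:
        """Firmware integrity test: recompute the HMAC and compare in constant time."""
        tag = hmac.new(INTEGRITY_KEY, self.image, hashlib.sha256).digest()
        ok = hmac.compare_digest(tag, self.expected_tag)
        # Assumed behaviour: a failed self-test leaves the module in an error state.
        self.state = "operational" if ok else "error"
        return ok

    def open_session(self, aes_key: bytes) -> None:
        """Accept an already-unwrapped AES Session Key (RSA transport not modelled)."""
        if self.state != "operational":
            raise RuntimeError("self-test has not passed; services disabled")
        if len(aes_key) not in (16, 24, 32):
            raise ValueError("not an AES key length")
        # Mutable buffer so the key can be overwritten in place later.
        self.session_key = bytearray(aes_key)

    def close_session(self) -> None:
        """Zeroize the ephemeral session key when the connection closes."""
        if self.session_key is not None:
            for i in range(len(self.session_key)):
                self.session_key[i] = 0
            self.session_key = None
```

In Python the overwrite only clears the module's own buffer; the immutable `bytes` object passed in by the caller is untouched, which is why firmware implementations zeroize in a language with direct memory control.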