Lexmark 10G0149 - PrintCryption Card Encryption Module, Manual, Page: 11 / 17

Page 11 of 17
© Copyright 2006 Lexmark International Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Firmware Integrity Check: The module employs a firmware integrity
test in the form of HMAC SHA-1 over the three module binaries.
Cryptographic Algorithm Tests: Known Answer Tests (KATs) are run
at power-up for the following algorithms:
•
AES KAT
•
TDES KAT
•
RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency
check
•
SHA-1 KAT
•
X9.31 RNG KAT
The module implements the following Conditional self-tests:
•
Continuous RNG Test for X9.31 PRNG
•
Continuous RNG Test for entropy gathering
•
RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency
check
If any of these self-tests fail, the module will output an error indicator and enter
an error state.
Design Assurance
Source code and associated documentation files are managed and recorded using
a MLS/Subversion system. Subversion is a version control system that stores
multiple revisions of the codeset with a revisionary history and older revisions are
always accessible. MLS is a customized user interface for use by developers that
does not override or bypass the role of the Subversion backend.
Additionally, Concurrent Versions System (CVS) is used to provide configuration
management for the firmware module’s FIPS documentation. This software
provides access control, versioning, and logging.
Mitigation of Other Attacks
The PrintCryption module does not employ security mechanisms to mitigate
specific attacks.