2016 Symantec Corporation This document may be freely reproduced & distributed whole & intact including this copyright
notice.
| Key | Key Type | Generation/Input | Output | Storage | Use |
|---|---|---|---|---|---|
| Other entity public key | RSA 2048, 3072, 4096, 8192 bits; DH 2048-15360 bits; ECDSA and ECDH all NIST defined B, K, and P curves | Sent to the module in plaintext | If not intercepted, output as part of SSL/TLS handshake. Viewable in plain text from WebUI | Other entities' public keys reside in volatile memory and may be cached encrypted with associated object encryption key and stored on internal disk | Negotiating SSL/TLS sessions during SSL/TLS interception |
| Key exchange private key | RSA 2048, 4096 bits; DH 160 - 512 bits; ECDSA and ECDH all NIST defined B, K, and P curves 224 bits and higher | Internally generated using DRBG. Imported from an encrypted backup | Exported in encrypted backup | Encrypted with associated object encryption key and stored on internal disk | Negotiating SSL/TLS sessions during SSL/TLS interception |
| Key exchange public key | RSA 2048, 3072, 4096, 8192 bits; DH 2048-15360 bits; ECDSA and ECDH all NIST defined B, K, and P curves | Internally generated using DRBG. Imported from an encrypted backup | Output during SSL/TLS session negotiation in plaintext. Exported in encrypted backup | Encrypted with associated object encryption key and stored on internal disk | Negotiating SSL/TLS sessions during SSL/TLS interception |
| Resigning CA public key | RSA 2048 bits only for internally generated. RSA 2048, 3072, 4096, 8192 bits can be imported | Internally generated using DRBG. Can be imported in encrypted format (PEM or PKCS12 or PKCS8) or plaintext, or from encrypted backup | During TLS negotiation in plaintext. Exported in plaintext in a certificate, or in an encrypted backup | Encrypted with associated object encryption key and stored on internal disk | Resigning server certificates during SSL/TLS interception |