You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An issue from Masatoshi Kawashima, Information Technology Security Center
HCD SD Version 1.0
Section 2.2.1. FCS_CKM.1/SKG Cryptographic key generation (Symmetric Keys)” of HCD SD, Section 2.2.1.1 TSS”
As last selection of FCS_CKM.1.1/SKG, one can select Section 6.1 or 6.3 of NIST SP 800-133 Rev.2. Section 6.1 of SP 800-133 describes symmetric keys that are directly generated from the output of an RBG, and Section 6.3 describes symmetric keys produced by combining keys and other data.
On the other hand, Section 2.2.1.1 of HCD SD says that the evaluator shall verify how the TOE obtains a symmetric key through direct generation from a random bit generator. This requirement is considered to be inadequate when SP 800-133 Rev.2 Section 6.3 is selected.
Proposed Resolution (if any):
The word “direct” should be deleted from Section 2.2.1.1 of HCD SD.
The text was updated successfully, but these errors were encountered:
I have implemented the following fix:
2.2.1.1. TSS
The evaluator shall review the TSS to determine that it describes how the functionality described by FCS_RBG_EXT.1 is invoked and how the TOE obtains a symmetric key through direct generation from a random bit generator as specified in FCS_RBG_EXT.1 or by combining one or more keys and other data.
An issue from Masatoshi Kawashima, Information Technology Security Center
HCD SD Version 1.0
Section 2.2.1. FCS_CKM.1/SKG Cryptographic key generation (Symmetric Keys)” of HCD SD, Section 2.2.1.1 TSS”
As last selection of FCS_CKM.1.1/SKG, one can select Section 6.1 or 6.3 of NIST SP 800-133 Rev.2. Section 6.1 of SP 800-133 describes symmetric keys that are directly generated from the output of an RBG, and Section 6.3 describes symmetric keys produced by combining keys and other data.
On the other hand, Section 2.2.1.1 of HCD SD says that the evaluator shall verify how the TOE obtains a symmetric key through direct generation from a random bit generator. This requirement is considered to be inadequate when SP 800-133 Rev.2 Section 6.3 is selected.
Proposed Resolution (if any):
The word “direct” should be deleted from Section 2.2.1.1 of HCD SD.
The text was updated successfully, but these errors were encountered: