This page was not yet optimized for use on mobile
devices.
Thales Cryptovisor K7+ Cryptographic Module
Certificate #4328
Webpage information
Security policy
Symmetric Algorithms
AES, AES-256, AES192, AES256, AES-, CAST5, RC2, RC4, RC5, DES, TDEA, Triple-DES, ARIA, SM4, SEED, HMAC, CMACAsymmetric Algorithms
RSA 2048, RSA-2048, RSA-4096, RSA 4096, RSA-OAEP, ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA1, SHA2, SHA3, SHA-3, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD5, PBKDFSchemes
MAC, Key AgreementRandomness
DRBG, RNG, RBGElliptic Curves
P-224, P-256, P-384, P-521, P-192, curve P-521, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, K-163, B-163, sect571r2, sect571k2, sect409r1, sect409k1, sect283r1, sect283k1, secp256k1, sect239k1, sect233r1, sect233k1, secp224k1, sect193r2, sect193r1, secp192k1, sect163r2, sect163r1, sect163k1, secp160r2, secp160r1, secp160k1, secp384r1, secp521r1, prime239v3, prime239v2, prime239v1, prime192v3, prime192v2, c2pnb368w1, c2pnb359v1, c2pnb304w1, c2pnb272w1, c2pnb239v1, c2pnb239v2, c2pnb239v3, c2pnb191v3, c2pnb191v2, c2pnb191v1, c2pnb163v1, c2pnb163v2, c2pnb163v3, Curve25519Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, XTSTrusted Execution Environments
SSCVendor
STM, ThalesSecurity level
Level 3Side-channel analysis
physical probing, Timing attacksStandards
FIPS 140-2, FIPS 180-4, FIPS 186-4, FIPS 197, FIPS 202, FIPS 198-1, FIPS PUB 140-2, SP 800-108, PKCS #1, PKCS #11, PKCS#1, RFC 5639, RFC 7516, RFC 7748, X.509File metadata
| Author | Costa Graham |
|---|---|
| Creation date | D:20230201141559-05'00' |
| Modification date | D:20230201141559-05'00' |
| Pages | 75 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
References
Outgoing- 2047 - historical - RSA BSAFE(R) Crypto-C Micro Edition
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4328,
"dgst": "24f692ed38057c7c",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"RSA#A1170",
"HMAC#A1171",
"KTS#5652",
"KTS-RSA#A1171",
"KDA#A1171",
"DRBG#2283",
"KAS-SSC#A1171",
"KAS#A1171",
"CVL#A1171",
"HMAC#3766",
"RSA#3043",
"AES#5652",
"RSA#2632",
"SHS#3951",
"SHA-3#A1171",
"RSA#2631",
"KBKDF#234",
"SHS#3952",
"RSA#3042",
"SHS#4533",
"KTS-RSA#A1170",
"ECDSA#1526",
"DSA#1452",
"RSA#A1171",
"ECDSA#A1171"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"1.1.5",
"1.1.2",
"1.1.4",
"1.1.1",
"2.0.0",
"2.0.2"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2047"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2047"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"2047"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 49
},
"ECDH": {
"ECDH": 13
},
"ECDSA": {
"ECDSA": 15
},
"EdDSA": {
"EdDSA": 2
}
},
"FF": {
"DH": {
"DH": 5,
"Diffie-Hellman": 4
},
"DSA": {
"DSA": 13
}
},
"RSA": {
"RSA 2048": 1,
"RSA 4096": 2,
"RSA-2048": 4,
"RSA-4096": 12,
"RSA-OAEP": 5
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 6
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 4
},
"ECB": {
"ECB": 6
},
"GCM": {
"GCM": 17
},
"OFB": {
"OFB": 2
},
"XTS": {
"XTS": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {
"KA": {
"Key Agreement": 13
},
"MAC": {
"MAC": 19
}
},
"device_model": {},
"ecc_curve": {
"Curve": {
"Curve25519": 1
},
"NIST": {
"B-163": 1,
"B-233": 6,
"B-283": 6,
"B-409": 5,
"B-571": 6,
"K-163": 1,
"K-233": 6,
"K-283": 6,
"K-409": 6,
"K-571": 2,
"P-192": 2,
"P-224": 12,
"P-256": 12,
"P-384": 14,
"P-521": 13,
"c2pnb163v1": 1,
"c2pnb163v2": 1,
"c2pnb163v3": 1,
"c2pnb191v1": 1,
"c2pnb191v2": 1,
"c2pnb191v3": 1,
"c2pnb239v1": 1,
"c2pnb239v2": 1,
"c2pnb239v3": 1,
"c2pnb272w1": 1,
"c2pnb304w1": 1,
"c2pnb359v1": 1,
"c2pnb368w1": 1,
"curve P-521": 5,
"prime192v2": 1,
"prime192v3": 1,
"prime239v1": 1,
"prime239v2": 1,
"prime239v3": 1,
"secp160k1": 1,
"secp160r1": 1,
"secp160r2": 1,
"secp192k1": 1,
"secp224k1": 1,
"secp256k1": 1,
"secp384r1": 9,
"secp521r1": 3,
"sect163k1": 1,
"sect163r1": 1,
"sect163r2": 1,
"sect193r1": 1,
"sect193r2": 1,
"sect233k1": 1,
"sect233r1": 1,
"sect239k1": 1,
"sect283k1": 1,
"sect283r1": 1,
"sect409k1": 1,
"sect409r1": 1,
"sect571k2": 1,
"sect571r2": 1
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1,
"#11": 1,
"#1452": 1,
"#1453": 1,
"#1526": 2,
"#2044": 2,
"#2047": 1,
"#2283": 3,
"#234": 1,
"#2631": 1,
"#2632": 1,
"#3042": 1,
"#3043": 1,
"#3766": 1,
"#3951": 1,
"#3952": 1,
"#4533": 2,
"#4534": 1,
"#5652": 6
}
},
"fips_certlike": {
"Certlike": {
"#5652 AES": 1,
"AES #5652": 6,
"AES 5653": 1,
"AES- 256": 2,
"AES-256": 53,
"AES-GCM 256": 3,
"AES-GCM2": 1,
"AES192": 1,
"AES256": 16,
"Cert #2044 RSA": 2,
"Cert AES": 1,
"Cert SHS": 1,
"Cert. AES": 1,
"DRBG #2283": 3,
"DSA #1452": 1,
"DSA #1453": 1,
"HMAC #3766": 2,
"HMAC-SHA1": 6,
"PKCS #1": 2,
"PKCS #11": 2,
"PKCS#1": 4,
"RSA #2631": 1,
"RSA #2632": 1,
"RSA #3042": 1,
"RSA #3043": 1,
"RSA 2048": 1,
"RSA 4096": 2,
"RSASSA-PKCS1-v1_5": 1,
"SHA-3": 2,
"SHA1": 21,
"SHA2": 2,
"SHA2- 224": 5,
"SHA2- 256": 5,
"SHA2- 384": 9,
"SHA2- 512": 6,
"SHA2-224": 28,
"SHA2-256": 33,
"SHA2-384": 32,
"SHA2-512": 33,
"SHA3": 8,
"SHA3- 224": 2,
"SHA3- 256": 3,
"SHA3- 384": 2,
"SHA3- 512": 5,
"SHA3-224": 22,
"SHA3-256": 21,
"SHA3-384": 21,
"SHA3-512": 19,
"SHS #3951": 1,
"SHS #3952": 1,
"SHS #4533": 2,
"SHS cert #4534": 1
}
},
"fips_security_level": {
"Level": {
"Level 3": 1
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 1
}
},
"PBKDF": {
"PBKDF": 1
},
"SHA": {
"SHA1": {
"SHA1": 21
},
"SHA2": {
"SHA2": 2
},
"SHA3": {
"SHA-3": 2,
"SHA3": 8,
"SHA3-224": 22,
"SHA3-256": 21,
"SHA3-384": 21,
"SHA3-512": 19
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 90
},
"RNG": {
"RBG": 1,
"RNG": 5
}
},
"side_channel_analysis": {
"SCA": {
"Timing attacks": 1,
"physical probing": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-2": 49,
"FIPS 180-4": 2,
"FIPS 186-4": 31,
"FIPS 197": 4,
"FIPS 198-1": 3,
"FIPS 202": 2,
"FIPS PUB 140-2": 1
},
"NIST": {
"SP 800-108": 1
},
"PKCS": {
"PKCS #1": 1,
"PKCS #11": 1,
"PKCS#1": 2
},
"RFC": {
"RFC 5639": 16,
"RFC 7516": 3,
"RFC 7748": 3
},
"X509": {
"X.509": 13
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 24,
"AES-": 7,
"AES-256": 53,
"AES192": 1,
"AES256": 16
},
"CAST": {
"CAST5": 2
},
"RC": {
"RC2": 2,
"RC4": 2,
"RC5": 2
}
},
"DES": {
"3DES": {
"TDEA": 1,
"Triple-DES": 1
},
"DES": {
"DES": 2
}
},
"constructions": {
"MAC": {
"CMAC": 5,
"HMAC": 8
}
},
"miscellaneous": {
"ARIA": {
"ARIA": 2
},
"SEED": {
"SEED": 2
},
"SM4": {
"SM4": 1
}
}
},
"tee_name": {
"IBM": {
"SSC": 1
}
},
"tls_cipher_suite": {},
"vendor": {
"STMicroelectronics": {
"STM": 11
},
"Thales": {
"Thales": 196
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Costa Graham",
"/CreationDate": "D:20230201141559-05\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20230201141559-05\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"pdf_file_size_bytes": 2030462,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=8491",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=9898",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=9897",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=8490",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/AES#5652",
"https://supportportal.thalesgroup.com/csm",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/SHS#4534"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 75
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "d85b3a79482f8daa397ae93c2e0ba62dad7b91911ada732bf2d13085102dffbc",
"policy_txt_hash": "fe008d6eaa95d88bd884f89265f74172282223fa6bd85d094b7e0f1805926f08"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2022_021122_1233_signed.pdf",
"date_sunset": "2026-09-21",
"description": "The Thales Cryptovisor K7+ Cryptographic Module is a high-assurance, Hardware Security Module with a tamper-active physical enclosure targeted at the service provider market. The cryptographic module secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security for elastic deployments particularly in support of cloud applications.",
"embodiment": "Multi-Chip Embedded",
"exceptions": [
"Physical Security: Level 4"
],
"fw_versions": "2.0.0 and 2.0.2 with Boot Loader versions 1.1.1, 1.1.2, 1.1.4 and 1.1.5",
"historical_reason": null,
"hw_versions": "808-000069-001 and 808-000070-001",
"level": 3,
"mentioned_certs": {},
"module_name": "Thales Cryptovisor K7+ Cryptographic Module",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2022-10-12",
"lab": "EWA - Canada",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-03-27",
"lab": "EWA - Canada",
"validation_type": "Update"
}
],
"vendor": "Thales",
"vendor_url": "http://www.gemalto.com"
}
}