This page was not yet optimized for use on mobile
devices.
Thales Luna USB Hardware Security Module
Certificate #3211
Webpage information
Security policy
Symmetric Algorithms
AES, AES-256, CAST5, RC2, RC5, DES, Triple-DES, ARIA, SEED, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-224, CMACAsymmetric Algorithms
RSA 2048, RSA-2048, RSA-4096, RSA-1024, RSA 4096, ECDH, ECDSA, ECIES, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA-224, MD5Schemes
MAC, Key AgreementProtocols
SSL, TLSRandomness
PRNG, DRBG, RNG, RBGElliptic Curves
P-384Block cipher modes
ECB, CBC, CTR, OFBVendor
ThalesSecurity level
Level 3, level 3, Level 2Side-channel analysis
physical probing, Timing attacksStandards
FIPS 140-2, FIPS PUB 140-2, FIPS PUB 186-4, FIPS PUB 197, FIPS PUB 186-2, FIPS PUB 180-4, FIPS PUB 198-1, FIPS PUB 113, FIPS 186-4, NIST SP 800-90A, SP 800-67, SP 800-57, NIST SP 800-108, NIST SP 800-56A, NIST SP 800-38B, PKCS #11, PKCS #1, X.509File metadata
| Author | Wolfe, Susan |
|---|---|
| Creation date | D:20210125113249-05'00' |
| Modification date | D:20210125113249-05'00' |
| Pages | 59 |
| Creator | Microsoft® Word 2013 |
| Producer | Microsoft® Word 2013 |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3211,
"dgst": "4a8ed6268c1741e4",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"Triple-DES MAC#2552",
"SHS#4075",
"Triple-DES#2552",
"KBKDF#164",
"CVL#1562",
"HMAC#3330",
"AES#5012",
"HMAC#3306",
"Triple-DES#2585",
"DSA#1315",
"DSA#1298",
"AES#4849",
"ECDSA#1242",
"ECDSA#1278",
"KTS#5012",
"KAS#154",
"SHS#3988",
"RSA#2691",
"Triple-DES MAC#2585",
"DRBG#1704",
"RSA#2704"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"6.24.7",
"6.24.6"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 26
},
"ECDH": {
"ECDH": 3
},
"ECDSA": {
"ECDSA": 7
},
"ECIES": {
"ECIES": 4
}
},
"FF": {
"DH": {
"DH": 2,
"Diffie-Hellman": 8
},
"DSA": {
"DSA": 9
}
},
"RSA": {
"RSA 2048": 3,
"RSA 4096": 1,
"RSA-1024": 1,
"RSA-2048": 2,
"RSA-4096": 2
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 4
},
"OFB": {
"OFB": 2
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"TLS": {
"SSL": {
"SSL": 1
},
"TLS": {
"TLS": 6
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 3
},
"MAC": {
"MAC": 5
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-384": 14
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 4,
"#11": 6,
"#1242": 2,
"#1278": 2,
"#1298": 2,
"#1315": 2,
"#154": 1,
"#1562": 1,
"#164": 1,
"#1704": 1,
"#2552": 2,
"#2585": 3,
"#2691": 2,
"#2704": 2,
"#3306": 2,
"#3330": 2,
"#3988": 1,
"#4075": 1,
"#4849": 1,
"#5012": 4
}
},
"fips_certlike": {
"Certlike": {
"#2585 AES": 1,
"AES 128, 192": 2,
"AES 128, 192 and 256": 1,
"AES 256": 5,
"AES Cert. #5012": 1,
"AES-256": 10,
"AES-256 #1704": 1,
"DSA 2048": 1,
"Diffie-Hellman (2048": 1,
"HMAC SHA-1": 1,
"HMAC SHA-224": 1,
"HMAC SHA-256": 1,
"HMAC SHA-384": 1,
"HMAC SHA-512": 1,
"HMAC-SHA-1": 6,
"HMAC-SHA-18": 2,
"HMAC-SHA-19": 2,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512 #3306": 2,
"HMAC-SHA-512 #3330": 2,
"PKCS #1": 8,
"PKCS #11": 12,
"RSA 2048": 3,
"RSA 4096": 1,
"SHA- 224": 2,
"SHA- 384": 2,
"SHA- 512": 1,
"SHA-1": 15,
"SHA-16": 1,
"SHA-224": 15,
"SHA-256": 18,
"SHA-384": 15,
"SHA-512": 16
}
},
"fips_security_level": {
"Level": {
"Level 2": 2,
"Level 3": 15,
"level 3": 1
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 1
}
},
"SHA": {
"SHA1": {
"SHA-1": 15
},
"SHA2": {
"SHA-224": 15,
"SHA-256": 18,
"SHA-384": 15,
"SHA-512": 16
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 38,
"PRNG": 1
},
"RNG": {
"RBG": 1,
"RNG": 1
}
},
"side_channel_analysis": {
"SCA": {
"Timing attacks": 1,
"physical probing": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-2": 9,
"FIPS 186-4": 3,
"FIPS PUB 113": 1,
"FIPS PUB 140-2": 5,
"FIPS PUB 180-4": 1,
"FIPS PUB 186-2": 1,
"FIPS PUB 186-4": 5,
"FIPS PUB 197": 2,
"FIPS PUB 198-1": 1
},
"NIST": {
"NIST SP 800-108": 2,
"NIST SP 800-38B": 1,
"NIST SP 800-56A": 1,
"NIST SP 800-90A": 7,
"SP 800-57": 2,
"SP 800-67": 2
},
"PKCS": {
"PKCS #1": 4,
"PKCS #11": 6
},
"X509": {
"X.509": 4
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 26,
"AES-256": 11
},
"CAST": {
"CAST5": 2
},
"RC": {
"RC2": 2,
"RC5": 2
}
},
"DES": {
"3DES": {
"Triple-DES": 14
},
"DES": {
"DES": 2
}
},
"constructions": {
"MAC": {
"CMAC": 3,
"HMAC": 9,
"HMAC-SHA-224": 1,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2
}
},
"miscellaneous": {
"ARIA": {
"ARIA": 2
},
"SEED": {
"SEED": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Thales": {
"Thales": 170
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Wolfe, Susan",
"/CreationDate": "D:20210125113249-05\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2013",
"/ModDate": "D:20210125113249-05\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2013",
"pdf_file_size_bytes": 1365582,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://supportportal.thalesgroup.com/csm"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 59
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "ecef04570d431bce70fa9f058ba7a746aafd550a8c82583a4914520a26c1a886",
"policy_txt_hash": "560dc69de0ade8cb3c8260e750e274c5da7a594c525e4bc89ffb8b917a48cbfb"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/JuneCertFinal.pdf",
"date_sunset": null,
"description": "The Thales Luna USB HSM delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": null,
"fw_versions": "6.24.6 [1] and 6.24.7 [2]",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "LTK-03, Version Code 0102 [1, 2] and LTK-03, Version Code 0103 [1, 2]",
"level": 3,
"mentioned_certs": {},
"module_name": "Thales Luna USB Hardware Security Module",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-06-27",
"lab": "EWA - Canada",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-08-31",
"lab": "EWA - Canada",
"validation_type": "Update"
}
],
"vendor": "Thales",
"vendor_url": "http://www.gemalto.com"
}
}