This page was not yet optimized for use on mobile devices.
Thales CipherTrust Manager Core Security Module
Certificate #4430
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-128, AES-, AES-256, DES, TDES, TDEA, Triple-DES, Poly1305, ARIA, SEED, HMAC, CMAC, CBC-MACAsymmetric Algorithms
ECDH, ECDHE, ECDSA, ECC, DH, Diffie-Hellman, DHEHash functions
SHA-1, SHA1, SHA2, SHA-3, SHA3, SHA3-224, SHA3-384, SHA3-512, SHA3-256, PBKDFSchemes
MAC, Key AgreementProtocols
SSH, TLS, TLS 1.2, TLS 1.3, TLS 1.0, TLS 1.1Randomness
DRBG, RNGElliptic Curves
P-224, P-256, P-384, curve P-224, curve P-256, P-521, P-512Block cipher modes
ECB, CBC, CTR, GCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHATrusted Execution Environments
SSCVendor
ThalesSecurity level
Level 1Standards
FIPS 140-2, FIPS 180-4, FIPS 186-4, FIPS 197, FIPS 202, FIPS 198-1, PKCS #1, PKCS#1, RFC5246, RFC 5246, RFC5288, RFC 5288, RFC5639, RFC 5639, RFC7516, RFC 7516, RFC8446, RFC 8446, X.509File metadata
| Author | Costa Graham |
|---|---|
| Creation date | D:20221121142454-05'00' |
| Modification date | D:20221121142454-05'00' |
| Pages | 84 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
09.02.2023 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4430,
"dgst": "bfb0f696b1e31571",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"KTS-RSA#A1779",
"DRBG#A1779",
"SHA-3#A1779",
"AES#A1779",
"RSA#A1779",
"AES#A1778",
"KAS-SSC#A2634",
"AES#A2634",
"HMAC#A1779",
"Triple-DES#A2634",
"AES#A2635",
"KDA#A1779",
"ECDSA#A1779",
"SHS#A2634",
"SHS#A1779",
"KAS-SSC#A1779",
"PBKDF#A1779",
"ECDSA#A2634",
"Triple-DES#A1779",
"CVL#A1779",
"HMAC#A2634",
"KTS#A2635",
"KTS#A2634"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 11
},
"ECDH": {
"ECDH": 13,
"ECDHE": 2
},
"ECDSA": {
"ECDSA": 32
}
},
"FF": {
"DH": {
"DH": 1,
"DHE": 1,
"Diffie-Hellman": 4
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 23
},
"CTR": {
"CTR": 7
},
"ECB": {
"ECB": 10
},
"GCM": {
"GCM": 42
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 3
},
"TLS": {
"TLS": {
"TLS": 62,
"TLS 1.0": 4,
"TLS 1.1": 3,
"TLS 1.2": 22,
"TLS 1.3": 18
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"MAC": {
"MAC": 35
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 20,
"P-256": 32,
"P-384": 22,
"P-512": 3,
"P-521": 8,
"curve P-224": 2,
"curve P-256": 4
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 7
}
},
"fips_certlike": {
"Certlike": {
"AES (128": 1,
"AES-128": 1,
"AES-256": 2,
"Certificate RSA": 1,
"HMAC-SHA-1": 12,
"HMAC-SHA1": 2,
"PKCS #1": 11,
"PKCS#1": 11,
"RSA PKCS #1": 2,
"SHA-1": 3,
"SHA-3": 1,
"SHA1": 6,
"SHA2": 2,
"SHA2- 224": 3,
"SHA2- 256": 4,
"SHA2- 384": 1,
"SHA2- 512": 7,
"SHA2-224": 10,
"SHA2-256": 34,
"SHA2-384": 23,
"SHA2-512": 37,
"SHA3": 2,
"SHA3- 256": 1,
"SHA3- 512": 1,
"SHA3-224": 1,
"SHA3-256": 1,
"SHA3-384": 3,
"SHA3-512": 1,
"\u2013 PKCS #1": 1,
"\u2013 PKCS#1": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 16
},
"SHA": {
"SHA1": {
"SHA-1": 3,
"SHA1": 6
},
"SHA2": {
"SHA2": 2
},
"SHA3": {
"SHA-3": 1,
"SHA3": 2,
"SHA3-224": 1,
"SHA3-256": 1,
"SHA3-384": 3,
"SHA3-512": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 52
},
"RNG": {
"RNG": 5
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 26,
"FIPS 180-4": 1,
"FIPS 186-4": 16,
"FIPS 197": 6,
"FIPS 198-1": 3,
"FIPS 202": 3
},
"PKCS": {
"PKCS #1": 7,
"PKCS#1": 6
},
"RFC": {
"RFC 5246": 1,
"RFC 5288": 1,
"RFC 5639": 1,
"RFC 7516": 1,
"RFC 8446": 1,
"RFC5246": 2,
"RFC5288": 3,
"RFC5639": 1,
"RFC7516": 2,
"RFC8446": 4
},
"X509": {
"X.509": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 105,
"AES-": 1,
"AES-128": 1,
"AES-256": 2
}
},
"DES": {
"3DES": {
"TDEA": 1,
"TDES": 1,
"Triple-DES": 26
},
"DES": {
"DES": 6
}
},
"constructions": {
"MAC": {
"CBC-MAC": 4,
"CMAC": 1,
"HMAC": 55
}
},
"djb": {
"Poly": {
"Poly1305": 1
}
},
"miscellaneous": {
"ARIA": {
"ARIA": 2
},
"SEED": {
"SEED": 2
}
}
},
"tee_name": {
"IBM": {
"SSC": 2
}
},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_RSA_WITH_AES_128_CBC_SHA": 1,
"TLS_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_RSA_WITH_AES_256_CBC_SHA": 1
}
},
"vendor": {
"Thales": {
"Thales": 264
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Costa Graham",
"/CreationDate": "D:20221121142454-05\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20221121142454-05\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"pdf_file_size_bytes": 2424662,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.thalesdocs.com/ctp/cm/2.4/",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14715",
"https://supportportal.thalesgroup.com/csm",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34388",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34400",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15112\u0026displayMode=CollapsedAlgorithm",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/AES#5652",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34387",
"https://52.86.120.81/",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35246\u0026displayMode=CollapsedAlgorithm",
"https://supportportal.thalesgroup.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 84
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "5e0535221a7a68284ae2152aec82ce9a80d71ca8fa03515ffce342c1907de4a4",
"policy_txt_hash": "d88cd6fb46eda6a80f3a1c53acf10387416ee9a50cc97c8e4cd35ecaea01bc2c"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 10 of the Security Policy. When operated in FIPS mode. No assurance of the minimum strength of generated keys.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2023_010223_0657_signed.pdf",
"date_sunset": "2026-09-21",
"description": "The module provides secure key generation and protection for symmetric keys and asymmetric key pairs along with support for a broad range of other cryptographic services. Access to services offered by Thales CipherTrust Manager Core Security Module is exclusively through a number of Application Programming Interfaces (API) offered by the Thales CipherTrust Manager Core Security Module. These API can be accessed by other applications running internal to the physical boundary of the module or, in some instances, can be accessed by remote client over dedicated TLS tunnels.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A",
"Design Assurance: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Thales CipherTrust Manager Core Security Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "active",
"sw_versions": "1.0.3",
"tested_conf": [
"Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 with PAA",
"Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 without PAA",
"Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 with PAA",
"Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 without PAA",
"Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 with PAA",
"Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-01-27",
"lab": "ACUMEN SECURITY, LLC",
"validation_type": "Initial"
}
],
"vendor": "Thales",
"vendor_url": null
}
}