Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
ExtraHop Cryptographic Module
ExtraHop Cryptographic Module
cert_id 4561 4675
dgst 315ef9b31f21c15d bb12fc5a6af710c3
heuristics/algorithms SHA-1A2293, HMAC-SHA2-512A2293, SHA2-512A2293, TDES-CMACA2293, AES-CFB8A2293, AES-CBCA2293, TDES-OFBA2293, AES-XTSA2293, HMAC-SHA3-224A2293, AES-ECBA2293, KAS-FFC-SSC Sp800-56Ar3A2293, SHA3-256A2293, TLS v1.3 KDFA2294, AES-GCMA2293, ECDSA SigVer (FIPS186-4)A2293, AES-CFB128A2293, DSA PQGVer (FIPS186-4)A2293, KDA HKDF SP800-56Cr2A2293, SHA2-384A2293, AES-CFB1A2293, TDES-CBCA2293, SHA3-512A2293, HMAC-SHA3-512A2293, PBKDFA2293, SHA3-224A2293, TDES-CFB8A2293, SHAKE-256A2293, TDES-CFB1A2293, AES-CMACA2293, AES-KWA2293, KDF SSHA2293, RSA KeyGen (FIPS186-4)A2293, SHAKE-128A2293, RSA SigGen (FIPS186-4)A2293, ECDSA KeyGen (FIPS186-4)A2293, HMAC-SHA3-256A2293, TDES-CFB64A2293, SHA2-256A2293, AES-GMACA2293, Counter DRBGA2293, RSA SigVer (FIPS186-4)A2293, AES-OFBA2293, TLS v1.2 KDF RFC7627A2293, AES-KWPA2293, ECDSA KeyVer (FIPS186-4)A2293, HMAC-SHA2-384A2293, DSA PQGGen (FIPS186-4)A2293, KDF TLSA2293, SHA2-224A2293, HMAC-SHA-1A2293, HMAC-SHA2-256A2293, HMAC-SHA2-224A2293, DSA KeyGen (FIPS186-4)A2293, AES-CCMA2293, TDES-ECBA2293, KAS-ECC-SSC Sp800-56Ar3A2293, DSA SigVer (FIPS186-4)A2293, HMAC-SHA3-384A2293, AES-CTRA2293, SHA3-384A2293 TDES-OFBA4978, ECDSA KeyVer (FIPS186-4)A4978, KDF SSHA4978, TDES-CMACA4978, Counter DRBGA4978, KAS-FFC-SSC Sp800-56Ar3A4978, TDES-CFB8A4978, HMAC-SHA2-512A4978, TDES-CFB1A4978, TDES-CBCA4978, AES-KWA4978, SHAKE-128A4978, AES-OFBA4978, SHA2-384A4978, KDA HKDF SP800-56Cr2A4978, ECDSA SigGen (FIPS186-4)A4978, AES-CBCA4978, RSA KeyGen (FIPS186-4)A4978, SHA2-512A4978, SHA-1A4978, AES-CFB8A4978, HMAC-SHA2-384A4978, SHA2-256A4978, PBKDFA4978, SHA3-384A4978, SHAKE-256A4978, AES-CMACA4978, HMAC-SHA2-256A4978, ECDSA KeyGen (FIPS186-4)A4978, SHA2-224A4978, AES-CFB1A4978, KAS-ECC-SSC Sp800-56Ar3A4978, DSA SigVer (FIPS186-4)A4978, ECDSA SigVer (FIPS186-4)A4978, TDES-CFB64A4978, AES-XTSA4978, HMAC-SHA3-256A4978, AES-GMACA4978, SHA3-256A4978, HMAC-SHA3-224A4978, DSA PQGVer (FIPS186-4)A4978, HMAC-SHA-1A4978, AES-GCMA4978, RSA SigVer (FIPS186-4)A4978, DSA SigGen (FIPS186-4)A4978, TLS v1.2 KDF RFC7627A4978, AES-CTRA4978, AES-KWPA4978, SHA3-224A4978, DSA KeyGen (FIPS186-4)A4978, SHA3-512A4978, HMAC-SHA3-512A4978, TLS v1.3 KDFA4979, DSA PQGGen (FIPS186-4)A4978, TDES-ECBA4978, AES-CFB128A4978, AES-CCMA4978, HMAC-SHA2-224A4978, AES-ECBA4978, HMAC-SHA3-384A4978, RSA SigGen (FIPS186-4)A4978, KDF TLSA4978
pdf_data/keywords/fips_cert_id
  • Cert:
    • #1: 1
    • Certificate6: 4
  • Cert:
    • Certificate6: 4
pdf_data/keywords/fips_certlike
  • Certlike:
    • AES GCM encrypt KAT50: 1
    • AES-CMAC 128: 1
    • AES-GCM 128: 1
    • CVL23: 1
    • DRBG 9: 1
    • DRBG27: 1
    • DSA28: 1
    • HMAC 128: 2
    • PKCS #1: 2
    • PKCS#1: 6
    • RSA39: 1
    • SHA-1: 13
    • SHA-256: 1
    • SHA-3: 1
    • SHA2- 256: 6
    • SHA2- 384: 4
    • SHA2- 512: 5
    • SHA2-224: 13
    • SHA2-256: 17
    • SHA2-384: 11
    • SHA2-512: 11
    • SHA3- 224: 1
    • SHA3- 256: 1
    • SHA3- 384: 1
    • SHA3- 512 112: 1
    • SHA3-224: 3
    • SHA3-256: 4
    • SHA3-384: 3
    • SHA3-512: 3
    • SHS42: 1
  • Certlike:
    • AES GCM encrypt KAT48: 1
    • AES-CMAC 128: 1
    • AES-GCM 128: 1
    • CVL23: 1
    • DRBG 9: 1
    • DRBG26: 1
    • DSA27: 1
    • HMAC 128: 2
    • PKCS#1: 6
    • RSA38: 1
    • SHA-1: 13
    • SHA-256: 1
    • SHA-3: 1
    • SHA2- 256: 7
    • SHA2- 384: 4
    • SHA2- 512: 5
    • SHA2-224: 14
    • SHA2-256: 17
    • SHA2-384: 12
    • SHA2-512: 12
    • SHA3- 224: 1
    • SHA3- 256: 1
    • SHA3- 384: 1
    • SHA3- 512 112: 1
    • SHA3-224: 3
    • SHA3-256: 4
    • SHA3-384: 3
    • SHA3-512: 3
    • SHS41: 1
pdf_data/keywords/vendor
  • Microsoft:
    • Microsoft: 2
pdf_data/keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 98
    • CAST:
      • CAST: 4
      • CAST5: 3
    • RC:
      • RC2: 2
      • RC4: 3
      • RC5: 3
  • DES:
    • 3DES:
      • TDES: 1
      • Triple-DES: 20
    • DES:
      • DES: 5
  • constructions:
    • MAC:
      • CMAC: 23
      • HMAC: 26
  • djb:
    • ChaCha:
      • ChaCha20: 3
    • Poly:
      • Poly1305: 2
  • miscellaneous:
    • ARIA:
      • ARIA: 3
    • Blowfish:
      • Blowfish: 3
    • Camellia:
      • Camellia: 3
    • IDEA:
      • IDEA: 3
    • SEED:
      • SEED: 3
    • SM4:
      • SM4: 3
  • AES_competition:
    • AES:
      • AES: 100
    • CAST:
      • CAST: 4
      • CAST5: 3
    • RC:
      • RC2: 2
      • RC4: 3
      • RC5: 3
  • DES:
    • 3DES:
      • TDES: 1
      • Triple-DES: 20
    • DES:
      • DES: 8
  • constructions:
    • MAC:
      • CMAC: 24
      • HMAC: 27
  • djb:
    • ChaCha:
      • ChaCha20: 3
    • Poly:
      • Poly1305: 2
  • miscellaneous:
    • ARIA:
      • ARIA: 3
    • Blowfish:
      • Blowfish: 3
    • Camellia:
      • Camellia: 3
    • IDEA:
      • IDEA: 3
    • SEED:
      • SEED: 3
    • SM4:
      • SM4: 3
pdf_data/keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 3
    • ECDH:
      • ECDH: 11
    • ECDSA:
      • ECDSA: 26
    • EdDSA:
      • EdDSA: 3
  • FF:
    • DH:
      • DH: 12
      • Diffie-Hellman: 2
    • DSA:
      • DSA: 25
  • ECC:
    • ECC:
      • ECC: 3
    • ECDH:
      • ECDH: 11
    • ECDSA:
      • ECDSA: 27
    • EdDSA:
      • EdDSA: 3
  • FF:
    • DH:
      • DH: 12
      • Diffie-Hellman: 2
    • DSA:
      • DSA: 27
pdf_data/keywords/hash_function
  • BLAKE:
    • Blake2: 3
  • MD:
    • MD4:
      • MD4: 2
    • MD5:
      • MD5: 2
  • PBKDF:
    • PBKDF: 6
    • PBKDF2: 5
  • RIPEMD:
    • RIPEMD: 2
  • SHA:
    • SHA1:
      • SHA-1: 13
    • SHA2:
      • SHA-256: 1
    • SHA3:
      • SHA-3: 1
      • SHA3-224: 3
      • SHA3-256: 4
      • SHA3-384: 3
      • SHA3-512: 3
  • BLAKE:
    • Blake2: 3
  • MD:
    • MD4:
      • MD4: 2
    • MD5:
      • MD5: 2
  • PBKDF:
    • PBKDF: 7
    • PBKDF2: 5
  • RIPEMD:
    • RIPEMD: 2
  • SHA:
    • SHA1:
      • SHA-1: 13
    • SHA2:
      • SHA-256: 1
    • SHA3:
      • SHA-3: 1
      • SHA3-224: 3
      • SHA3-256: 4
      • SHA3-384: 3
      • SHA3-512: 3
pdf_data/keywords/crypto_protocol
  • SSH:
    • SSH: 18
  • TLS:
    • TLS:
      • TLS: 34
      • TLS 1.2: 3
      • TLS 1.3: 1
      • TLS v1.2: 3
      • TLS v1.3: 2
  • SSH:
    • SSH: 18
  • TLS:
    • SSL:
      • SSL: 3
    • TLS:
      • TLS: 36
      • TLS 1.2: 3
      • TLS 1.3: 5
      • TLS v1.2: 3
      • TLS v1.3: 2
pdf_data/keywords/randomness
  • PRNG:
    • DRBG: 45
  • RNG:
    • RBG: 2
    • RNG: 4
  • PRNG:
    • DRBG: 46
  • RNG:
    • RBG: 2
    • RNG: 4
pdf_data/keywords/cipher_mode
  • CBC:
    • CBC: 8
  • CCM:
    • CCM: 3
  • CFB:
    • CFB: 3
  • CTR:
    • CTR: 5
  • ECB:
    • ECB: 9
  • GCM:
    • GCM: 37
  • OFB:
    • OFB: 8
  • XEX:
    • XEX: 2
  • XTS:
    • XTS: 4
  • CBC:
    • CBC: 8
  • CCM:
    • CCM: 3
  • CFB:
    • CFB: 3
  • CTR:
    • CTR: 5
  • ECB:
    • ECB: 10
  • GCM:
    • GCM: 37
  • OFB:
    • OFB: 8
  • XEX:
    • XEX: 2
  • XTS:
    • XTS: 4
pdf_data/keywords/ecc_curve
  • NIST:
    • B-163: 2
    • B-233: 4
    • B-283: 4
    • B-409: 4
    • B-571: 4
    • K-163: 4
    • K-233: 6
    • K-283: 4
    • K-409: 4
    • K-571: 4
    • P-192: 8
    • P-224: 14
    • P-256: 8
    • P-384: 8
    • P-521: 8
  • NIST:
    • B-163: 2
    • B-233: 5
    • B-283: 5
    • B-409: 5
    • B-571: 5
    • K-163: 4
    • K-233: 7
    • K-283: 5
    • K-409: 5
    • K-571: 5
    • P-192: 8
    • P-224: 16
    • P-256: 10
    • P-384: 10
    • P-521: 10
pdf_data/keywords/standard_id
  • FIPS:
    • FIPS 140-3: 20
    • FIPS PUB 180-4: 1
    • FIPS PUB 186-4: 5
    • FIPS PUB 197: 2
    • FIPS PUB 198-1: 1
    • FIPS PUB 202: 1
  • ISO:
    • ISO/IEC 19790: 6
    • ISO/IEC 19790:2012: 1
    • ISO/IEC 19790:2021: 1
    • ISO/IEC 24579: 4
  • NIST:
    • NIST SP 800-132: 2
    • NIST SP 800-38A: 1
    • NIST SP 800-38B: 2
    • NIST SP 800-38C: 2
    • NIST SP 800-38D: 6
    • NIST SP 800-38E: 2
    • NIST SP 800-38F: 2
    • NIST SP 800-52: 1
    • NIST SP 800-67: 2
    • SP 800-38A: 1
    • SP 800-38B: 1
  • PKCS:
    • PKCS #1: 1
    • PKCS#1: 3
  • RFC:
    • RFC 5246: 1
    • RFC 5288: 1
    • RFC 8446: 1
    • RFC25: 1
  • FIPS:
    • FIPS 140-3: 20
    • FIPS PUB 180-4: 1
    • FIPS PUB 186-4: 5
    • FIPS PUB 197: 2
    • FIPS PUB 198-1: 1
    • FIPS PUB 202: 1
  • ISO:
    • ISO/IEC 19790: 6
    • ISO/IEC 19790:2012: 1
    • ISO/IEC 19790:2021: 1
    • ISO/IEC 24579: 4
  • NIST:
    • NIST SP 800-132: 2
    • NIST SP 800-38A: 1
    • NIST SP 800-38B: 2
    • NIST SP 800-38C: 2
    • NIST SP 800-38D: 6
    • NIST SP 800-38E: 2
    • NIST SP 800-38F: 2
    • NIST SP 800-52: 1
    • NIST SP 800-67: 2
    • SP 800-38A: 1
    • SP 800-38B: 1
  • PKCS:
    • PKCS#1: 3
  • RFC:
    • RFC 5246: 1
    • RFC 5288: 1
    • RFC 8446: 1
    • RFC25: 1
pdf_data/policy_metadata
state/policy_pdf_hash Different Different
state/policy_txt_hash Different Different
web_data/caveat When operated in approved mode. No assurance of the minimum strength of generated keys When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
web_data/certificate_pdf_url https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2023_010923_0844.pdf https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2024_010224_0801.pdf
web_data/date_sunset 29.01.2029
web_data/description The ExtraHop Cryptographic Module 1.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3). The ExtraHop Cryptographic Module 2.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 2.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).
web_data/revoked_reason Non-conformance to the FIPS 140-3 standard identified
web_data/status revoked active
web_data/sw_versions 1.0 2.0
web_data/tested_conf ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 with PAA, ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 without PAA, ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 with PAA, ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 without PAA, ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 with PAA, ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 without PAA Debian 9 running on a Dell PowerEdge R440 with an Intel® Xeon Silver 4214R with PAA, Debian 9 running on a Dell PowerEdge R440 with an Intel® Xeon Silver 4214R without PAA, , , ,
web_data/validation_history
  • date: 28.08.2023
  • lab: Lightship Security, Inc.
  • validation_type: Initial
  • date: 30.01.2024
  • lab: Lightship Security, Inc.
  • validation_type: Initial