Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
DocuSign QSCD Appliance
DocuSign QSCD Appliance
cert_id 4441 4782
dgst 6346fc1b001a16dd 7d398da879174500
heuristics/algorithms AES#A5167, AES#A5168, KTS#A5168, DRBG#A5167, PBKDF#A5168, SHS#A5168, RSA#A5167, HMAC#A5168, RSA#A5168, SHS#A5167, HMAC#A5167, CVL#A5167 HMAC-SHA2-384A4404, HMAC DRBGA4400, TLS v1.2 KDF RFC7627A4404, ECDSA KeyGen (FIPS186-5)A4404, PBKDFA4404, ECDSA SigVer (FIPS186-5)A4404, AES-GCMA4404, SHA2-256A4404, ECDSA SigGen (FIPS186-5)A4404, HMAC-SHA2-256A4404, AES-CBCA4404, RSA SigVer (FIPS186-5)A4400, SHA2-512A4404, RSA KeyGen (FIPS186-5)A4400, HMAC-SHA2-512A4404, KAS-ECC-SSC Sp800-56Ar3A4404, SHA2-384A4404, RSA SigGen (FIPS186-5)A4404
heuristics/extracted_versions 2.0.0.0, 1.1.0.10 1.2.0.7, 2.0.0.0
pdf_data/keywords/fips_cert_id
  • Cert:
    • #10: 4
pdf_data/keywords/fips_security_level
  • Level:
    • Level 1: 2
    • Level 3: 2
    • level 3: 1
  • Level:
    • Level 1: 2
    • Level 3: 3
    • level 3: 1
pdf_data/keywords/fips_certlike
  • Certlike:
    • AES 128, 192: 1
    • AES 256: 4
    • AES-CBC 128, 256: 1
    • AES-CBC 256: 3
    • AES128: 2
    • AES192: 2
    • AES256: 2
    • DRBG4: 1
    • HMAC 128: 2
    • HMAC-256: 4
    • HMAC-SHA-256: 4
    • HMAC-SHA-256 256: 2
    • HMAC-SHA-512 256: 2
    • HMAC-SHA256: 16
    • HMAC-SHA384: 2
    • HMAC-SHA512: 2
    • PKCS#1: 6
    • RSA 2048: 6
    • RSA 3072: 2
    • RSA PKCS#1: 4
    • SHA-256: 9
    • SHA-384: 2
    • SHA-512: 3
    • SHA-512 2048: 4
    • SHA256: 2
  • Certlike:
    • AES / 128, 192: 2
    • AES / 128, 256: 1
    • AES 128, 192: 1
    • AES 256: 2
    • AES-256: 8
    • AES-CBC 1: 4
    • AES-CBC 2: 1
    • AES-CBC 3: 10
    • AES-CBC 4: 1
    • AES-CBC 5: 2
    • AES-CBC 7: 7
    • AES128: 2
    • AES192: 2
    • AES256: 2
    • DRBG 1: 1
    • DRBG4: 1
    • HMAC- SHA-256: 6
    • HMAC-256: 2
    • HMAC-SHA-256: 28
    • HMAC-SHA-256 1: 8
    • HMAC-SHA-256 12: 2
    • HMAC-SHA-256 21: 6
    • HMAC-SHA-256 KAT 10: 2
    • HMAC-SHA-384: 8
    • HMAC-SHA-512: 8
    • PKCS#1: 30
    • RSA 2048: 7
    • RSA 3072: 2
    • RSA PKCS#1: 4
    • RSA-PKCS#1: 3
    • SHA-256: 14
    • SHA-384: 9
    • SHA-512: 7
    • SHA256: 2
pdf_data/keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 13
      • AES128: 2
      • AES192: 2
      • AES256: 2
  • constructions:
    • MAC:
      • HMAC: 4
      • HMAC-SHA-256: 3
      • HMAC-SHA-512: 1
  • AES_competition:
    • AES:
      • AES: 14
      • AES-256: 8
      • AES128: 2
      • AES192: 2
      • AES256: 2
  • constructions:
    • MAC:
      • HMAC: 7
      • HMAC-SHA-256: 23
      • HMAC-SHA-384: 4
      • HMAC-SHA-512: 4
pdf_data/keywords/asymmetric_crypto
  • ECC:
    • ECDH:
      • ECDH: 1
  • FF:
    • DH:
      • Diffie-Hellman: 1
  • RSA:
    • RSA 2048: 6
    • RSA 3072: 2
  • ECC:
    • ECC:
      • ECC: 1
    • ECDH:
      • ECDH: 7
      • ECDHE: 1
    • ECDSA:
      • ECDSA: 3
  • FF:
    • DH:
      • Diffie-Hellman: 1
  • RSA:
    • RSA 2048: 7
    • RSA 3072: 2
    • RSA-PSS: 3
pdf_data/keywords/hash_function
  • PBKDF:
    • PBKDF: 2
  • SHA:
    • SHA2:
      • SHA-256: 9
      • SHA-384: 2
      • SHA-512: 7
      • SHA256: 2
  • PBKDF:
    • PBKDF: 2
  • SHA:
    • SHA2:
      • SHA-256: 14
      • SHA-384: 9
      • SHA-512: 7
      • SHA2: 3
      • SHA256: 2
pdf_data/keywords/crypto_scheme
  • MAC:
    • MAC: 1
  • KEX:
    • Key exchange: 1
  • MAC:
    • MAC: 1
pdf_data/keywords/crypto_protocol
  • TLS:
    • TLS:
      • TLS: 31
      • TLS 1.2: 2
  • TLS:
    • TLS:
      • TLS: 42
      • TLS 1.2: 4
pdf_data/keywords/randomness
  • PRNG:
    • DRBG: 8
  • RNG:
    • RNG: 8
  • PRNG:
    • DRBG: 14
  • RNG:
    • RNG: 8
pdf_data/keywords/cipher_mode
  • CBC:
    • CBC: 5
  • ECB:
    • ECB: 1
  • GCM:
    • GCM: 1
  • CBC:
    • CBC: 5
  • ECB:
    • ECB: 1
  • GCM:
    • GCM: 2
pdf_data/keywords/ecc_curve
  • NIST:
    • P-256: 4
    • P-384: 4
    • P-521: 4
  • NIST:
    • P-256: 14
    • P-384: 14
    • P-521: 14
pdf_data/keywords/tls_cipher_suite
  • TLS:
    • TLS_RSA_WITH_AES_128_CBC_SHA256: 2
    • TLS_RSA_WITH_AES_256_CBC_SHA256: 2
    • TLS_RSA_WITH_AES_CBC_128_SHA256: 1
    • TLS_RSA_WITH_AES_CBC_256_SHA256: 1
  • TLS:
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 3
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 3
pdf_data/keywords/side_channel_analysis
  • FI:
    • physical tampering: 1
  • FI:
    • malfunction: 1
    • physical tampering: 3
pdf_data/keywords/tee_name
  • AMD:
    • PSP: 1
pdf_data/keywords/standard_id
  • FIPS:
    • FIPS 140-2: 19
    • FIPS 180-4: 2
    • FIPS 186-4: 2
    • FIPS 197: 3
    • FIPS 198-1: 2
  • NIST:
    • NIST SP 800-90A: 3
    • NIST SP 800-90B: 4
    • SP 800-132: 1
    • SP 800-133: 1
    • SP 800-38D: 1
    • SP 800-38F: 1
    • SP 800-90A: 1
  • PKCS:
    • PKCS#1: 5
  • FIPS:
    • FIPS 140-3: 16
    • FIPS 180-4: 2
    • FIPS 186-5: 9
    • FIPS 197: 3
    • FIPS 198-1: 2
  • ISO:
    • ISO/IEC 19790: 2
    • ISO/IEC 19790:2012: 1
    • ISO/IEC 24759: 4
  • NIST:
    • NIST SP 800-90A: 3
    • NIST SP 800-90B: 3
    • SP 800-132: 1
    • SP 800-133: 1
    • SP 800-90A: 1
    • SP 800-90B: 1
  • PKCS:
    • PKCS#1: 17
pdf_data/policy_metadata
state/policy_pdf_hash Different Different
state/policy_txt_hash Different Different
web_data/caveat When operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. Interim validation. When operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy.
web_data/certificate_pdf_url https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/February 2023_010323_0649.pdf https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf
web_data/date_sunset 21.09.2026 27.08.2026
web_data/description The DocuSign QSCD Appliance is a digital signature product intended to be used as a Qualified Signature Creation Device (QSCD) in a secure operational environment. It is a highly secure, high capacity network attached HSM. The device consists of COTS hardware, tamper resistance hardware, a hardened operating system, an internal database and server software.
web_data/exceptions Mitigation of Other Attacks: N/A, , , , Operational environment: N/A, Non-invasive security: N/A, Mitigation of other attacks: N/A, Documentation requirements: N/A, Cryptographic module security policy: N/A
web_data/fw_versions 1, ., 1, ., 0, ., 1, 0 1, ., 2, ., 0, ., 7,
web_data/standard FIPS 140-2 FIPS 140-3
web_data/validation_history
  • date: 22.02.2023
  • lab: EWA CANADA
  • validation_type: Initial
  • date: 28.08.2024
  • lab: EWA CANADA
  • validation_type: Initial
web_data/vendor DocuSign Ltd. DocuSign, Inc.