Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
Nutanix Cryptographic Module for OpenSSH Client
Nutanix Cryptographic Module for OpenSSH Client
cert_id 3472 4364
dgst 8b75ec30ea0d0fed bdf67436ad540597
heuristics/algorithms CVL#1994, SHS#4465, ECDSA#1499, HMAC#3708, CVL#1998, AES#C661, AES#5562, DRBG#2216 HMAC#A1403, ECDSA#A1403, DRBG#A1403, KAS-SSC#A1403, KAS#A1403, KAS#A1405, KTS#A1403, SHS#A1403, AES#A1403, CVL#A1405
heuristics/module_processed_references/directly_referencing 3460 4249
heuristics/module_processed_references/indirectly_referencing 3460 4249
heuristics/module_prunned_references 3460 4249
heuristics/policy_processed_references/directly_referencing 3460 4249
heuristics/policy_processed_references/indirectly_referencing 3460 4249
heuristics/policy_prunned_references 3460 4249
pdf_data/keywords/fips_cert_id
  • Cert:
    • #3460: 6
  • Cert:
    • #4249: 6
pdf_data/keywords/fips_certlike
  • Certlike:
    • AES [197: 1
    • AES-128: 2
    • AES-192: 1
    • AES-256: 3
    • HMAC [198: 1
    • HMAC-SHA-1: 2
    • HMAC-SHA-256: 6
    • HMAC-SHA-512: 2
    • SHA-1: 2
    • SHA-2: 1
    • SHA-224: 1
    • SHA-256: 2
    • SHA-384: 2
    • SHA-512: 1
    • SHS [180: 1
  • Certlike:
    • AES [197: 1
    • AES-128: 4
    • AES-192: 3
    • AES-256: 4
    • HMAC [198: 1
    • HMAC-SHA-1: 4
    • HMAC-SHA-256: 6
    • HMAC-SHA-512: 2
    • SHA-1: 4
    • SHA-2: 1
    • SHA-224: 1
    • SHA-256: 1
    • SHA-384: 1
    • SHA-512: 1
    • SHA2-256: 2
    • SHA2-384: 2
    • SHA2-512: 3
    • SHS [180: 1
pdf_data/keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 4
      • AES-128: 2
      • AES-192: 1
      • AES-256: 3
  • constructions:
    • MAC:
      • HMAC: 6
      • HMAC-SHA-256: 3
      • HMAC-SHA-512: 1
  • AES_competition:
    • AES:
      • AES: 4
      • AES-128: 4
      • AES-192: 3
      • AES-256: 4
  • constructions:
    • MAC:
      • HMAC: 7
      • HMAC-SHA-256: 3
      • HMAC-SHA-512: 1
pdf_data/keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 5
    • ECDSA:
      • ECDSA: 1
  • FF:
    • DH:
      • Diffie-Hellman: 2
  • ECC:
    • ECC:
      • ECC: 6
    • ECDSA:
      • ECDSA: 2
pdf_data/keywords/hash_function
  • SHA:
    • SHA1:
      • SHA-1: 2
    • SHA2:
      • SHA-2: 1
      • SHA-224: 1
      • SHA-256: 2
      • SHA-384: 2
      • SHA-512: 1
  • SHA:
    • SHA1:
      • SHA-1: 4
    • SHA2:
      • SHA-2: 1
      • SHA-224: 1
      • SHA-256: 1
      • SHA-384: 1
      • SHA-512: 1
pdf_data/keywords/crypto_scheme
  • KEX:
    • Key exchange: 3
  • MAC:
    • MAC: 3
  • KEX:
    • Key exchange: 2
  • MAC:
    • MAC: 4
pdf_data/keywords/crypto_protocol
  • SSH:
    • SSH: 15
  • TLS:
    • TLS:
      • TLS: 1
  • SSH:
    • SSH: 14
  • TLS:
    • TLS:
      • TLS: 1
pdf_data/keywords/randomness
  • PRNG:
    • DRBG: 3
  • PRNG:
    • DRBG: 4
pdf_data/keywords/cipher_mode
  • CBC:
    • CBC: 1
  • CCM:
    • CCM: 2
  • GCM:
    • GCM: 6
  • CBC:
    • CBC: 1
  • CCM:
    • CCM: 2
  • CTR:
    • CTR: 1
  • GCM:
    • GCM: 5
pdf_data/keywords/ecc_curve
  • NIST:
    • P-256: 8
    • P-384: 8
    • P-521: 6
  • NIST:
    • P-256: 10
    • P-384: 10
    • P-521: 6
pdf_data/keywords/crypto_library
  • OpenSSL:
    • OpenSSL: 5
  • OpenSSL:
    • OpenSSL: 6
pdf_data/keywords/tee_name
  • IBM:
    • SSC: 4
pdf_data/keywords/standard_id
  • FIPS:
    • FIPS 140-2: 17
    • FIPS 180-4: 1
    • FIPS 186-4: 1
    • FIPS 197: 1
    • FIPS 198-1: 1
  • NIST:
    • NIST SP 800-135: 1
    • NIST SP 800-38A: 1
    • NIST SP 800-38C: 1
    • NIST SP 800-38D: 1
    • NIST SP 800-56A: 1
    • NIST SP 800-57: 1
    • NIST SP 800-90A: 1
    • SP 800-131A: 1
  • FIPS:
    • FIPS 140-2: 19
    • FIPS 180-4: 1
    • FIPS 186-4: 1
    • FIPS 197: 1
    • FIPS 198-1: 1
  • NIST:
    • NIST SP 800-131A: 1
    • NIST SP 800-135: 1
    • NIST SP 800-38A: 1
    • NIST SP 800-38C: 1
    • NIST SP 800-38D: 1
    • NIST SP 800-38F: 1
    • NIST SP 800-56A: 1
    • NIST SP 800-57: 1
    • NIST SP 800-90A: 1
pdf_data/keywords/javacard_api_const
  • curves:
    • ED25519: 1
pdf_data/policy_metadata
state/policy_pdf_hash Different Different
state/policy_txt_hash Different Different
web_data/caveat When operated in FIPS mode with Nutanix Cryptographic Module for OpenSSL validated to FIPS 140-2 under Cert. #3460 operating in FIPS mode When operated in FIPS mode and configured as specified in Section 3 of the Security Policy with the Nutanix Cryptographic Module for OpenSSL validated to FIPS 140-2 under Cert. #4249 operating in FIPS mode. No assurance of the minimum strength of generated keys
web_data/certificate_pdf_url https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/JuneConsolidated.pdf https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/November 2022_051222_0640_signed.pdf
web_data/date_sunset 21.09.2026
web_data/description The Nutanix Cryptographic Module for OpenSSH Client provides client-side support for SSH version 2. This cryptographic module functions together with the Nutanix Cryptographic Module for OpenSSL to provide FIPS validated cryptography for SSH connections. The Nutanix Cryptographic Module for OpenSSH Client is a cryptographic software module, designated as a multi-chip standalone embodiment, and used in Nutanix solutions to provide FIPS 140-2 Approved SSH client-side secure communication.
web_data/historical_reason SP 800-56Arev3 transition
web_data/mentioned_certs
  • 3460: 1
  • 4249: 1
web_data/status historical active
web_data/sw_versions OpenSSH client RPM package 7.4p1-16.el7 and fipscheck RPM package 1.4.1-6.el7 6.0
web_data/tested_conf CentOS 7.5 running on Nutanix NX-3360-G6 with Intel Xeon Silver-4116 with PAA, CentOS 7.5 running on Nutanix NX-3360-G6 with Intel Xeon Silver-4116 without PAA (single-user mode), , CentOS 7.9 on Nutanix Acropolis Hypervisor (AHV) 7.1.1 running on a Nutanix NX-3360-G7 with an Intel® Xeon® Gold 6234 with PAA, CentOS 7.9 on Nutanix Acropolis Hypervisor (AHV) 7.1.1 running on a Nutanix NX-3360-G7 with an Intel® Xeon® Gold 6234 without PAA, CentOS 7.9 running on a Nutanix NX-3360-G7 with an Intel® Xeon® Gold 6234 with PAA, CentOS 7.9 running on a Nutanix NX-3360-G7 with an Intel® Xeon® Gold 6234 without PAA (single-user mode)
web_data/validation_history
  • date: 12.06.2019
  • lab: UL VERIFICATION SERVICES INC
  • validation_type: Initial
  • date: 14.11.2022
  • lab: Lightship Security, Inc.
  • validation_type: Initial