ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License
9 stars 1 forks source link

[cPP ENHANCEMENT] Explicitly define symmetric key generation by adding FCS_CKM.1.1/Symmetric #231

Open dundiddat opened 1 year ago

dundiddat commented 1 year ago

Provide the location of the issue 6.4.1.1, FCS_CKM.1 Cryptographic Key Generation (Refinement)

What is the enhancement request for the cPP? Please describe. FCS_CKM.1 only specifies asymmetric key generation. FCS_COP.1/DataEncryption specifies use of symmetric cryptographic keys. Please explain how such keys are generated.

Note: By explicitly defining symmetric and asymmetric key generation it should be possible to define applicability of other requirements to cryptographic keys.

Describe the solution you'd like Recommend including:

FCS_CKM.1.1/Symmetric Cryptographic Key Generation

The TSF shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes [selection: 128 bit, 256 bit] that meet the following: [no standard].

KSinitski commented 1 year ago

By explicitly defining symmetric key generation (in addition to existing asymmetric key generation) it becomes possible to scope other requirements dealing with keys.

kenji-lightship commented 1 year ago

This seems like a significant feature request. Most symmetric keys used in NDcPP are not generated by the DRBG. Actually covering where symmetric keys come from (seems like the intent of this comment), would require substantial and careful consideration of adding KDFs (and possibly other algorithms).

KSinitski commented 1 year ago

Kenji is correct to point to various derived keys which are not directly generated by the DRBG.