Open dundiddat opened 1 year ago
By explicitly defining symmetric key generation (in addition to existing asymmetric key generation) it becomes possible to scope other requirements dealing with keys.
This seems like a significant feature request. Most symmetric keys used in NDcPP are not generated by the DRBG. Actually covering where symmetric keys come from (seems like the intent of this comment) would require substantial and careful consideration of adding KDFs (and possibly other algorithms).
Kenji is correct to point to various derived keys which are not directly generated by the DRBG.
Provide the location of the issue
6.4.1.1, FCS_CKM.1 Cryptographic Key Generation (Refinement)
What is the enhancement request for the cPP? Please describe.
FCS_CKM.1 only specifies asymmetric key generation. FCS_COP.1/DataEncryption specifies use of symmetric cryptographic keys. Please explain how such keys are generated.
Note: By explicitly defining symmetric and asymmetric key generation it should be possible to define applicability of other requirements to cryptographic keys.
Describe the solution you'd like
Recommend including:
FCS_CKM.1.1/Symmetric Cryptographic Key Generation
The TSF shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes [selection: 128 bit, 256 bit] that meet the following: [no standard].
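The distinction drawn in the comments, between a symmetric key taken directly from the RBG and keys derived by a KDF, shown as an added example that is not part of the issue or of the cPP. HKDF-SHA-256 (RFC 5869) is an assumed KDF chosen for illustration; `CountingRBG`, `generate_symmetric_key`, `derive_traffic_keys` and the input labels are hypothetical names.

```python
import hashlib
import hmac
import secrets

ALLOWED_BITS = (128, 256)  # selection in the proposed FCS_CKM.1.1/Symmetric


class CountingRBG:
    """Stand-in for the FCS_RBG_EXT.1 generator that records bytes drawn."""
    def __init__(self):
        self.bytes_drawn = 0

    def __call__(self, n):
        self.bytes_drawn += n
        return secrets.token_bytes(n)


def generate_symmetric_key(rbg, bits):
    """Direct generation: every key bit is RBG output (proposed SFR path)."""
    if bits not in ALLOWED_BITS:
        raise ValueError(f"key size {bits} not in selection {ALLOWED_BITS}")
    return rbg(bits // 8)


def hkdf_sha256(ikm, salt, info, length):
    """HKDF per RFC 5869: extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_traffic_keys(shared_secret, salt, bits):
    """Derivation: two directional keys from one secret, with no RBG call."""
    okm = hkdf_sha256(shared_secret, salt, b"constructed example label", 2 * bits // 8)
    return okm[: bits // 8], okm[bits // 8:]


def demo():
    rbg = CountingRBG()
    stored_key = generate_symmetric_key(rbg, 256)
    drawn = rbg.bytes_drawn
    # Constructed inputs; in a protocol these come from key establishment.
    c2s, s2c = derive_traffic_keys(b"\x0b" * 22, b"constructed salt", 128)
    return {"generated_len": len(stored_key), "derived_lens": (len(c2s), len(s2c)),
            "rbg_bytes_for_generation": drawn,
            "rbg_bytes_for_derivation": rbg.bytes_drawn - drawn}
```

The derivation path draws zero bytes from the RBG, so a requirement worded only in terms of FCS_RBG_EXT.1 output would not describe how those keys come to exist.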