Motorola S2500 User's Manual

MNR S2500 Security Policy  
 
Version 1.3, Revision Date: 1/13/2009 
Definition of Critical Security Parameters (CSPs) 
The following CSPs are contained within the module: 
| Key | Description/Usage |
| --- | --- |
| KEK | This is the master key that encrypts persistent CSPs stored within the module. KEK-protected keys include PSK and passwords. Encryption of keys uses AES128ECB |
| IKE Preshared Keys | Used to authenticate peer to peer during IKE session |
| SKEYID | Generated for IKE Phase 1 by hashing preshared keys with responder/receiver nonce |
| SKEYID_d | Phase 1 key used to derive keying material for IKE SAs |
| SKEYID_a | Key used for integrity and authentication of the phase 1 exchange |
| SKEYID_e | Key used for TDES or AES data encryption of phase 1 exchange |
| Ephemeral DH Phase-1 private key (a) | Generated for IKE Phase 1 key establishment |
| Ephemeral DH Phase-2 private key (a) | Phase 2 Diffie Hellman private keys used in PFS for key renewal |
| IPSEC Session keys | 128/192/256-bit AES-CBC and 168-bit TDES keys are used to encrypt and authenticate IPSEC ESP packets |
| FRF.17 Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate FRF.17 Mode 2 |
| SSH-RSA Private Key | Key used to authenticate oneself to peer |
| SSH-DSA Private Key | Key used to authenticate oneself to peer |
| SSH Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate SSH packets |
| SSH DH Private Key | Generated for SSH key establishment |
| RNG Seed | Initial seed for FIPS-approved deterministic RNG |
| Network Manager Password (Root) | 7 (to 15) character password used to authenticate to the CO Role (Crypto Officer) |
| User(Admin) | 7 (to 15) character password used to authenticate to the User Role |
| User Accounts | 7 (to 15) character password used to authenticate accounts created on the module |
Table 8 – Critical Security Parameters (CSPs)