Key Management (FIPS 171) Validation List

Last Update: February 1, 2001

Implementations in this list have successfully passed the validation test of the Key Management Validation System (KMVS), operated by the Security Technology Group. The KMVS tests implementations for conformance to FIPS 171, Key Management Using ANSI X9.17, which describes methods for handling DES keys. The list is organized chronologically, with the most recent validations listed last. Each entry mentions which FIPS 171 options are found in the validated implementation. Information contained in the list is accurate to the best of our knowledge; it is up to the vendor of the validated product to inform NIST of appropriate changes.

Key Management Validated Implementations
Vendor/Contact Components Val. Date Testing Options

LITRONIC Information Systems
2950 Redhill Avenue
Costa Mesa, CA 92626
James Prohaska, (703) 729-1700
(Originally validated by Codercard; rights transferred on 9/11/90) Hardware: Argus-PC, Model: CMS-100
Software: Argus/MACE Software, Version: 1.0 9/23/88 -Number of communicating pairs: 2
-Number of manual (*)KKs per comm. pair: 2
-Length of manual and auto. (*)KKs: PAIR
-Key generation capability: YES
-Number of auto. distr. (*)KKs shared: UP TO 4
-Number of KDs shared: UP TO 8
-Two KDs in KSMs: SOMETIMES
-Send RSI messages: NOT TESTED
-Receive RSI messages: NOT TESTED
-Notarization of keys in KSMs: ALWAYS
-Send odd parity on keys in KSMs: ALWAYS
-Send IVs in KSMs: SOMETIMES
-Send encrypted IVs in KSMs: ALWAYS
-Send EDCs in RSIs and ESMs: ALWAYS
-Action if EDC received in RSIs and ESMs: NOT APPLICABLE
-Send EDKs in KSMs: SOMETIMES
-Action on count error: ADJUST COUNT
-Send DSMs: YES
-Receive DSMs: YES
-IDA in DSM if only one KD can be shared: YES
-Role assumed: EITHER A OR B
-Automatic error recovery: NOT TESTED
-Space\ & CRLF as field delimiter: NOT TESTED

Technical Communications Corporation
100 Domino Drive
Concord, MA 01742
John Gill, (617) 862-6035 Hardware: CX5000A
Software: Version: 1.0
5/6/91 -Number of communicating pairs: 1
-Number of manual (*)KKs per comm. pair: 2
-Length of manual and auto. (*)KKs: PAIR
-Key generation capability: YES
-Number of auto. distr. (*)KKs shared: 0
-Number of KDs shared: 1
-Two KDs in KSMs: NEVER
-Send RSI messages: NOT TESTED
-Receive RSI messages: NOT TESTED
-Notarization of keys in KSMs: ALWAYS
-Send odd parity on keys in KSMs: ALWAYS
-Send IVs in KSMs: SOMETIMES
-Send encrypted IVs in KSMs: ALWAYS
-Send EDCs in RSIs and ESMs: ALWAYS
-Action if EDC received in RSIs and ESMs: NOT APPLICABLE
-Send EDKs in KSMs: NEVER
-Action on count error: ADJUST COUNT
-Send DSMs: YES
-Receive DSMs: YES
-IDA in DSM if only one KD can be shared: YES
-Role assumed: EITHER A OR B
-Automatic error recovery: NOT TESTED
-Space & CRLF as field delimiter: NOT TESTED

Hardware: CX5000
Software: Version: 2.0 5/15/91 -Number of communicating pairs: 1
-Number of manual (*)KKs per comm. pair: 2
-Length of manual and auto. (*)KKs: PAIR
-Key generation capability: YES
-Number of auto. distr. (*)KKs shared: 4
-Number of KDs shared: 1
-Two KDs in KSMs: NEVER
-Send RSI messages: NOT TESTED
-Receive RSI messages: NOT TESTED
-Notarization of keys in KSMs: ALWAYS
-Send odd parity on keys in KSMs: ALWAYS
-Send IVs in KSMs: SOMETIMES
-Send encrypted IVs in KSMs: ALWAYS
-Send EDCs in RSIs and ESMs: ALWAYS
-Action if EDC received in RSIs and ESMs: NOT APPLICABLE
-Send EDKs in KSMs: NEVER
-Action on count error: ADJUST COUNT
-Send DSMs: YES
-Receive DSMs: YES
-IDA in DSM if only one KD can be shared: YES
-Role assumed: EITHER A OR B
-Automatic error recovery: NOT TESTED
-Space & CRLF as field delimiter: NOT TESTED

Communication Devices, Inc.
1 Forstmann Court
Clifton, NJ 07011
Tadhg Kelly, (201) 772-6997 Hardware: 917CD, Model: 01-10-0700
Software: RSD/E, Version: 7.2 1/22/92 -Number of communicating pairs: 1
-Number of manual (*)KKs per comm. pair: 1
-Length of manual and auto. (*)KKs: PAIR
-Key generation capability: NO
-Number of auto. distr. (*)KKs shared: 0
-Number of KDs shared: 1
-Two KDs in KSMs: NEVER
-Send RSI messages: NOT TESTED
-Receive RSI messages: NOT TESTED
-Notarization of keys in KSMs: ALWAYS
-Send odd parity on keys in KSMs: ALWAYS
-Send IVs in KSMs: SOMETIMES
-Send encrypted IVs in KSMs: ALWAYS
-Send EDCs in RSIs and ESMs: ALWAYS
-Action if EDC received in RSIs and ESMs: NOT APPLICABLE
-Send EDKs in KSMs: NEVER
-Action on count error: ADJUST COUNT
-Send DSMs: YES
-Receive DSMs: YES
-IDA in DSM if only one KD can be shared: YES
-Role assumed: PARTY B
-Automatic error recovery: NOT TESTED
-Space & CRLF as field delimiter: NOT TESTED

**Key Management Validated Implementations**
Vendor/Contact	Components	Val. Date	Testing Options
LITRONIC Information Systems 2950 Redhill Avenue Costa Mesa, CA 92626 James Prohaska, (703) 729-1700 (Originally validated by Codercard; rights transferred on 9/11/90)	Hardware: Argus-PC, Model: CMS-100 Software: Argus/MACE Software, Version: 1.0	9/23/88	-Number of communicating pairs: 2 -Number of manual ()KKs per comm. pair: 2 -Length of manual and auto. ()KKs: PAIR -Key generation capability: YES -Number of auto. distr. (*)KKs shared: UP TO 4 -Number of KDs shared: UP TO 8 -Two KDs in KSMs: SOMETIMES -Send RSI messages: NOT TESTED -Receive RSI messages: NOT TESTED -Notarization of keys in KSMs: ALWAYS -Send odd parity on keys in KSMs: ALWAYS -Send IVs in KSMs: SOMETIMES -Send encrypted IVs in KSMs: ALWAYS -Send EDCs in RSIs and ESMs: ALWAYS -Action if EDC received in RSIs and ESMs: NOT APPLICABLE -Send EDKs in KSMs: SOMETIMES -Action on count error: ADJUST COUNT -Send DSMs: YES -Receive DSMs: YES -IDA in DSM if only one KD can be shared: YES -Role assumed: EITHER A OR B -Automatic error recovery: NOT TESTED -Space\ & CRLF as field delimiter: NOT TESTED
Technical Communications Corporation 100 Domino Drive Concord, MA 01742 John Gill, (617) 862-6035	Hardware: CX5000A Software: Version: 1.0	5/6/91	-Number of communicating pairs: 1 -Number of manual ()KKs per comm. pair: 2 -Length of manual and auto. ()KKs: PAIR -Key generation capability: YES -Number of auto. distr. (*)KKs shared: 0 -Number of KDs shared: 1 -Two KDs in KSMs: NEVER -Send RSI messages: NOT TESTED -Receive RSI messages: NOT TESTED -Notarization of keys in KSMs: ALWAYS -Send odd parity on keys in KSMs: ALWAYS -Send IVs in KSMs: SOMETIMES -Send encrypted IVs in KSMs: ALWAYS -Send EDCs in RSIs and ESMs: ALWAYS -Action if EDC received in RSIs and ESMs: NOT APPLICABLE -Send EDKs in KSMs: NEVER -Action on count error: ADJUST COUNT -Send DSMs: YES -Receive DSMs: YES -IDA in DSM if only one KD can be shared: YES -Role assumed: EITHER A OR B -Automatic error recovery: NOT TESTED -Space & CRLF as field delimiter: NOT TESTED
Hardware: CX5000 Software: Version: 2.0	5/15/91	-Number of communicating pairs: 1 -Number of manual ()KKs per comm. pair: 2 -Length of manual and auto. ()KKs: PAIR -Key generation capability: YES -Number of auto. distr. (*)KKs shared: 4 -Number of KDs shared: 1 -Two KDs in KSMs: NEVER -Send RSI messages: NOT TESTED -Receive RSI messages: NOT TESTED -Notarization of keys in KSMs: ALWAYS -Send odd parity on keys in KSMs: ALWAYS -Send IVs in KSMs: SOMETIMES -Send encrypted IVs in KSMs: ALWAYS -Send EDCs in RSIs and ESMs: ALWAYS -Action if EDC received in RSIs and ESMs: NOT APPLICABLE -Send EDKs in KSMs: NEVER -Action on count error: ADJUST COUNT -Send DSMs: YES -Receive DSMs: YES -IDA in DSM if only one KD can be shared: YES -Role assumed: EITHER A OR B -Automatic error recovery: NOT TESTED -Space & CRLF as field delimiter: NOT TESTED
Communication Devices, Inc. 1 Forstmann Court Clifton, NJ 07011 Tadhg Kelly, (201) 772-6997	Hardware: 917CD, Model: 01-10-0700 Software: RSD/E, Version: 7.2	1/22/92	-Number of communicating pairs: 1 -Number of manual ()KKs per comm. pair: 1 -Length of manual and auto. ()KKs: PAIR -Key generation capability: NO -Number of auto. distr. (*)KKs shared: 0 -Number of KDs shared: 1 -Two KDs in KSMs: NEVER -Send RSI messages: NOT TESTED -Receive RSI messages: NOT TESTED -Notarization of keys in KSMs: ALWAYS -Send odd parity on keys in KSMs: ALWAYS -Send IVs in KSMs: SOMETIMES -Send encrypted IVs in KSMs: ALWAYS -Send EDCs in RSIs and ESMs: ALWAYS -Action if EDC received in RSIs and ESMs: NOT APPLICABLE -Send EDKs in KSMs: NEVER -Action on count error: ADJUST COUNT -Send DSMs: YES -Receive DSMs: YES -IDA in DSM if only one KD can be shared: YES -Role assumed: PARTY B -Automatic error recovery: NOT TESTED -Space & CRLF as field delimiter: NOT TESTED

Need Assistance?

Computer Security Division
National Institute of Standards and Technology