Module Name

IBM Java JCE FIPS 140-2 Cryptographic Module with CPACF

Standard

FIPS 140-2

Status

Active

Sunset Date

2/12/2022

Validation Dates

02/13/2017

Overall Level

1

Caveat

When operated in FIPS mode

Module Type

Software-Hybrid

Embodiment

Multi-Chip Stand Alone

Description

The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework.

Tested Configuration(s)

• Red Hat Enterprise Linux Server release 7.2 running on IBM z13 model N63 (single-user mode)
• z/OS version 2 release 2 running on IBM z13 model N63

FIPS Algorithms

AES	Certs. #3909 and #3910
CVL	Certs. #768, #769, #770 and #771
DRBG	Certs. #1124 and #1125
DSA	Certs. #1067 and #1068
ECDSA	Certs. #852 and #853
HMAC	Certs. #2538 and #2539
KTS	vendor affirmed
RSA	Certs. #1993 and #1994
SHS	Certs. #3221 and #3222
Triple-DES	Certs. #2145 and #2146

Other Algorithms

Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); MD5; Triple-DES (non-compliant)

Hardware Versions

COP chips integrated within processor unit

Software Versions

1.8

Firmware Versions

3863 (aka FC3863) with System Driver Level 22H