Module Name
VMware Java JCE (Java Cryptographic Extension) Module
Validation Dates
03/22/2017
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The VMware Java JCE (Java Cryptographic Extension) Module is a software cryptographic module based on the Legion of the Bouncy Castle Inc. FIPS Java API (BC-FJA) Module (SW Version 1.0.0). The module is a software library that provides cryptographic functions to various VMware applications via a well-defined Java-language application program interface (API).
Tested Configuration(s)
- Java SE Runtime Environment 1.7.0 on NSX Controller 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8
- Java SE Runtime Environment 1.7.0 on NSX Edge 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8
- Java SE Runtime Environment 1.7.0 on NSX Manager 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8 (single-user mode)
FIPS Algorithms
| AES |
Cert. #4153 |
| CVL |
Certs. #955, #956 and #957 |
| DRBG |
Cert. #1261 |
| DSA |
Cert. #1127 |
| ECDSA |
Cert. #955 |
| HMAC |
Cert. #2721 |
| KAS |
Cert. #96 |
| KAS |
SP 800-56Arev2, vendor affirmed |
| KBKDF |
Cert. #107 |
| KTS |
vendor affirmed |
| KTS |
AES Cert. #4153; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2269; key establishment methodology provides 112 bits of encryption strength |
| PBKDF |
vendor affirmed |
| RSA |
Cert. #2261 |
| SHA-3 |
Cert. #10 |
| SHS |
Cert. #3417 |
| Triple-DES |
Cert. #2269 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
