SP 800-140D: Approved SSP Generation and Establishment Methods
Short URL: https://csrc.nist.rip/projects/cmvp/sp800-140d
The following information is referenced from Section 6.2, Sensitive security parameter generation and establishment methods, of NIST SP 800-140Dr2.
Transitions | Symmetric Key Gen. | Key-Based Key Derivation
Password-Based Key Deriv. | Asymmetric Key-Pair Gen.
Key Agreement | Key Agreement Key Deriv. | Protocol-Suite Key Deriv.
Key Transport | Entropy Source | DRBG | Other SSPEM | Change Log
6.2.1 Transitions
Barker EB, Roginsky AL (2019) Transitioning the Use of Cryptographic Algorithms and Key Lengths. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-131A, Rev. 2. https://doi.org/10.6028/NIST.SP.800-131Ar2
6.2.2 Symmetric Key Generation
Barker EB, Roginsky AL, Davis R (2020) Recommendation for Cryptographic Key Generation. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-133, Rev. 2. https://doi.org/10.6028/NIST.SP.800-133r2
6.2.3 Key-Based Key Derivation
Chen L (2009) Recommendation for Key Derivation Using Pseudorandom Functions (Revised). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-108, Revised. https://doi.org/10.6028/NIST.SP.800-108
Chen L (2022) Recommendation for Key Derivation Using Pseudorandom Functions. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-108 r1. https://doi.org/10.6028/NIST.SP.800-108r1
6.2.4 Password-Based Key Derivation
Sönmez Turan M, Barker EB, Burr WE, Chen L (2010) Recommendation for Password-Based Key Derivation: Part 1: Storage Applications. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-132. https://doi.org/10.6028/NIST.SP.800-132
6.2.5 Asymmetric Key-Pair Generation
National Institute of Standards and Technology (2013) Digital Signature Standard (DSS). (U.S. Department of Commerce, Washington, DC), Federal Information Processing Standards Publication (FIPS) 186-4. https://doi.org/10.6028/NIST.FIPS.186-4
National Institute of Standards and Technology (2023) Digital Signature Standard (DSS). (U.S. Department of Commerce, Washington, DC), Federal Information Processing Standards Publication (FIPS) 186-5. https://doi.org/10.6028/NIST.FIPS.186-5
Cooper DA, Apon DC, Dang QH, Davidson MS, Dworkin MJ, Miller CA (2020) Recommendation for Stateful Hash-Based Signature Schemes. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-208. https://doi.org/10.6028/NIST.SP.800-208
Note. For the purposes of SSP generation and establishment methods, the standards referenced in this section are only used to define the domain parameters and/or the (private, public) key-pair generation methods.
Note. The key agreement references in Section 6.2.6 also include additional asymmetric key-pair generation methods.
6.2.6 Key Agreement
Barker EB, Chen L, Roginsky AL, Vassilev A, Davis R (2018) Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56A, Rev. 3. https://doi.org/10.6028/NIST.SP.800-56Ar3
Barker EB, Chen L, Roginsky AL, Vassilev A, Davis R, Simon S (2019) Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56B, Rev. 2. https://doi.org/10.6028/NIST.SP.800-56Br2
Barker EB (2006) Recommendation for Obtaining Assurances for Digital Signature Applications (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-89. https://doi.org/10.6028/NIST.SP.800-89
6.2.7 Key Agreement Key Derivation
Barker EB, Chen L, Davis R (2020) Recommendation for Key-Derivation Methods in Key-Establishment Schemes. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56C, Rev. 2. https://doi.org/10.6028/NIST.SP.800-56Cr2
6.2.8 Protocol-Suite Key Derivation
Dang QH (2011) Recommendation for Existing Application-Specific Key Derivation Functions. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-135, Rev. 1. https://doi.org/10.6028/NIST.SP.800-135r
The Transport Layer Security (TLS) Protocol Version 1.3, Section 7.1. (Internet Engineering Task Force, Fremont, CA), RFC 8446, August 2018. https://tools.ietf.org/html/rfc8446#section-7.1
6.2.9 Key Transport
6.2.9.1 Key Wrapping
Dworkin MJ (2012) Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-38F. https://doi.org/10.6028/NIST.SP.800-38F
6.2.9.2 Key Encapsulation
Barker EB, Chen L, Roginsky AL, Vassilev A, Davis R, Simon S (2019) Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56B, Rev. 2. https://doi.org/10.6028/NIST.SP.800-56Br2
6.2.10 Entropy Source
Sönmez Turan M, Barker EB, Kelsey JM, McKay KA, Baish ML, Boyle M (2018) Recommendation for Entropy Sources Used for Random Number Generation. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-90B. https://doi.org/10.6028/NIST.SP.800-90B
6.2.11 Deterministic Random Bit Generator (DRBG)
Barker EB, Kelsey JM (2015) Recommendation for Random Number Generation Using Deterministic Random Bit Generators. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-90A, Rev. 1. https://doi.org/10.6028/NIST.SP.800-90Ar1
6.2.12 Other sensitive security parameter establishment methods
Sensitive security parameter establishment methods allowed in the approved mode with appropriate restrictions are listed in FIPS 140-3 Implementation Guidance Section D.A.
| Date |
Section |
Change |
| 7/25/23 |
6.2.3 Key-Based Key Derivation |
Added: SP 800-108 Revision 1, August 2022 |
| 7/25/23 |
6.2.5 Asymmetric Key-Pair Generation |
Added: FIPS 186-5 and SP 800-186, February 2023
Added: SP 800-208, October 2020
|
| 7/25/23 |
6.2.6 Key Agreement |
Added: SP 800-89, November 2006 |
| 5/20/22 |
6.2 Sensitive security parameter generation and establishment methods |
Added/Modified: Security function subsection headers.
|
| 5/20/22 |
6.2.2 Symmetric Key Generation |
Added: SP 800-133 Revision 2, June 2020
Removed: SP 800-133 Revision 1, July 2019 |
| 5/20/22 |
6.2.7 Key Agreement Key Derivation |
Added: SP 800-56C Revision 2, August 2020
Removed: SP 800-56C Revision 1, April 2018
|
| 5/20/22 |
6.2.8 Protocol-Suite Key Derivation |
Added: RFC 8446, Section 7.1, August 2018 |
| 5/20/22 |
6.2.12 Other sensitive security parameter establishment methods |
Added: FIPS 140-3 Implementation Guidance Section D.A
|
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
