对称加密的要求,详细见NIST800-131
Two-key TDEA加密 | Disallowed |
Two-key TDEA解密 | Legacy use |
Three-key TDEA加密 | Deprecated through 2023 |
Three-key TDEA解密 | Legacy use |
SKIPJACK 加密 | Disallowed |
SKIPJACK解密 | Legacy use |
AES-128加解密 | Acceptable |
AES-192加解密 | Acceptable |
AES-256加解密 | Acceptable |
数字签名要求,详细见NIST800-131
数字签名生成 | < 112 bits of security strength: | Disallowed |
≥ 112 bits of security strength: | Acceptable | |
数字签名核验 | < 112 bits of security strength: | Legacy use |
≥ 112 bits of security strength: | Acceptable |
随机位生成
Hash_DRBG and HMAC_DRBG | Acceptable |
CTR_DRBG with three-key TDEA | Deprecated through 2023 |
CTR_DRBG with AES-128/192/256 | Acceptable |
DUAL_EC_DRBG | Disallowed |
RNGs in FIPS 186-2,ANS X9.31,ANS X9.62-1998 | Disallowed |
密钥生成
密钥生成主流有两种:DH和MQV(Menezes-Qu-Vanstone),同时也有有限域和椭圆曲线的DH和MQV;
SP 800-56A DH and MQV | < 112 bits of security strength: | Disallowed |
≥ 112 bits of security strength: | Acceptable | |
Non-compliant DH and MQV schemes using finite fields | < 112 bits of security strength: | Disallowed |
Non-conformance to SP 800-56A | Disallowed after 2020 | |
SP 800-56A DH and MQV | < 112 bits of security strength: | Disallowed |
≥ 112 bits of security strength: | Acceptable | |
Non-compliant DH and MQV schemes using elliptic curves | < 112 bits of security strength: | Disallowed |
≥ 112 bits of security strength: | Disallowed after 2020 |
基于RSA的密钥交换和密钥传输
SP 800-56B Key Agreement and Key Transport schemes | len(n) < 2048 | Disallowed |
len(n) ≥ 2048 | Acceptable | |
Non-SP 800-56Bcompliant Key Agreement and Key Transport schemes | len(n) < 2048 | Disallowed |
PKCS1-v1_5 padding | Deprecated through 2023 | |
Other non-compliance | Deprecated through 2020 |
密钥派生函数
KDF Type | Algorithm | Status |
HMAC-based KDF | HMAC using any approved | Acceptable |
CMAC-based KDF | CMAC using two-key TDEA | Disallowed |
CMAC using three-key TDEA | Deprecated through 2023 | |
CMAC using AES | Acceptable |
哈希函数
SHA-1 | Digital signature generation | Disallowed, except where |
Digital signature verification | Legacy use | |
Non-digital-signature | Acceptable | |
SHA-2(SHA-224、SHA-256、SHA-384、SHA-512,SHA-512/224,SHA-512/256) | Acceptable for all hash function applications | |
SHA-3(SHA3-224、SHA3-256、SHA3-384、SHA3-512) | Acceptable for all hash function applications | |
TupleHash and | Acceptable for the purpose specified in SP 800-185 |
MAC算法
| Disallowed |
Key lengths ≥ 112 bits | Acceptable |
Key lengths < 112 bits | Legacy use |
Key lengths ≥ 112 bits | Acceptable |
Two-key TDEA | Disallowed |
Three-key TDEA | Deprecated through 2023 |
AES | Acceptable |
Two-key TDEA | Legacy use |
Three-key TDEA | Legacy use |
AES | Acceptable |
AES | Acceptable |
Key lengths < 112 bits | Disallowed |
Key lengths ≥ 112 bits | Acceptable |