FBCA CP Section 6.1.5, Key Sizes, v1.0

Profile of requirements for the Federal Bridge Certificate Authority (FBCA) Certificate Policy (CP), FBCA CP Section 6.1.5, Key Sizes
Publication Date 2018-10-30
Issuing Organization
No Responder help@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords PIV-I, Security, Identity, Federal Bridge
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Trust Expression:

TD_OrganizationAcceptsFIPSapprovedSignatureAlgorithms and TD_MinimumRSAKeySizeforSelfSignedPKICertificates and TD_MinimumECDSAKeySizeforSelfSignedPKICertificates and TD_RSAEncryptionofPublickeysSelfSigned20102030Exception and TD_ECDSAEncryptionofPublickeysSelfSigned20102030Exception and TD_RSASignatureofPKICertificateRevocationLists and TD_DSASignatureofPKICertificateRevocationLists and TD_ECDSASignatureofPKICertificateRevocationLists and TD_MinimumCertificateSignatureRSAKeyLength and TD_MinimumCertificateSignatureECDSAKeyLength and TD_RSAEncryptionofPublicKeys and TD_ECDSAEncryptionofPublicKeys and TD_CertificateandRevocationListDigitalSignaturesPriorto2014 and TD_CertificateandRevocationListDigitalSignaturesPriorto2031 and TD_CertificateandRevocationListDigitalSignatures and TD_CertificateAuthoritiesThatAssertnonSHA1Policies and TD_CSSesSignResponsesWithSignatureAlgorithmUsedToSignCRLs and TD_CSSesSignResponsesWithSignatureKeySizeUsedToSignCRLs and TD_CSSesSignResponsesWithHashAlgorithmUsedToSignCRLs and TD_PresignedOCSPResponsesUsingSHA1 and TD_EndentityPKICertificateMinimumRSAPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumDSAPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumDiffieHellmanPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySizeExpiringBefore2031 and TD_PKICertificateMinimumRSAPublicKeySizeExpiringAfter2030 and TD_PKICertificateMinimumDSAPublicKeySizeExpiringAfter2030 and TD_PKICertificateMinimumEllipticCurvePublicKeySizeExpiringAfter2030 and TD_EndentityPKICertificateMinimumRSAPublicKeySize and TD_EndentityPKICertificateMinimumDSAPublicKeySize and TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySize and TD_EndentityPKICertificatePublicKeysConformtoNISTSP80078 and TD_AllendentityPKICertificatesassociatedwithPKIshallcontainalgorithmsthatconformtoNISTSP80078 and TD_MinimumKeySizesforProtocolsProvidingSecurityforCertificatePolicyRequirements

References (33)

 TD  Organization Accepts FIPS-approved Signature Algorithms, v1.0
Description Addresses the requirement for all FIPS-approved signature algorithms to be considered acceptable.
ID TD_OrganizationAcceptsFIPSapprovedSignatureAlgorithms
Provider Reference
 TD  Minimum RSA Key Size for Self-Signed PKI Certificates, v1.0
Description This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI.
ID TD_MinimumRSAKeySizeforSelfSignedPKICertificates
Provider Reference
 TD  Minimum ECDSA Key Size for Self-Signed PKI Certificates, v1.0
Description This Trustmark Definition specifies a minimum ECDSA public key size for PKI.
ID TD_MinimumECDSAKeySizeforSelfSignedPKICertificates
Provider Reference
 TD  RSA Encryption of Public keys (Self-Signed 2010-2030 Exception), v1.0
Description This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI.
ID TD_RSAEncryptionofPublickeysSelfSigned20102030Exception
Provider Reference
 TD  ECDSA Encryption of Public keys (Self-Signed 2010-2030 Exception), v1.0
Description This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID TD_ECDSAEncryptionofPublickeysSelfSigned20102030Exception
Provider Reference
 TD  RSA Signature of PKI Certificate Revocation Lists, v1.0
Description This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI.
ID TD_RSASignatureofPKICertificateRevocationLists
Provider Reference
 TD  DSA Signature of PKI Certificate Revocation Lists, v1.0
Description This Trustmark Definition specifies a minimum DSA key size for private keys used with PKI.
ID TD_DSASignatureofPKICertificateRevocationLists
Provider Reference
 TD  ECDSA Signature of PKI Certificate Revocation Lists, v1.0
Description This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID TD_ECDSASignatureofPKICertificateRevocationLists
Provider Reference
 TD  Minimum Certificate Signature RSA Key Length, v1.0
Description This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI.
ID TD_MinimumCertificateSignatureRSAKeyLength
Provider Reference
 TD  Minimum Certificate Signature ECDSA Key Length, v1.0
Description This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID TD_MinimumCertificateSignatureECDSAKeyLength
Provider Reference
 TD  RSA Encryption of Public Keys, v1.0
Description This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI.
ID TD_RSAEncryptionofPublicKeys
Provider Reference
 TD  ECDSA Encryption of Public Keys, v1.0
Description This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID TD_ECDSAEncryptionofPublicKeys
Provider Reference
 TD  Certificate and Revocation List Digital Signatures (Prior to 2014), v1.0
Description Addresses the requirement for CAs that generate certificates and CRLs to use SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512 hash algorithm when generating digital signatures.
ID TD_CertificateandRevocationListDigitalSignaturesPriorto2014
Provider Reference
 TD  Certificate and Revocation List Digital Signatures (Prior to 2031), v1.0
Description This Trustmark Definition specifies a minimum Hash Algorithm standard for generating signatures on certificates.
ID TD_CertificateandRevocationListDigitalSignaturesPriorto2031
Provider Reference
 TD  Certificate and Revocation List Digital Signatures, v1.0
Description Addresses acceptable hash algorithms for use with PKI.
ID TD_CertificateandRevocationListDigitalSignatures
Provider Reference
 TD  Certificate Authorities That Assert non-SHA1 Policies, v1.0
Description This Trustmark Definition specifies a minimum Hash Algorithm standard for generating signatures on certificates.
ID TD_CertificateAuthoritiesThatAssertnonSHA1Policies
Provider Reference
 TD  CSSes Sign Responses With Signature Algorithm Used To Sign CRLs, v1.0
Description Addresses the requirement for CSSes to sign responses using the same signature algorithm used by the CA to sign CRLs.
ID TD_CSSesSignResponsesWithSignatureAlgorithmUsedToSignCRLs
Provider Reference
 TD  CSSes Sign Responses With Signature Key Size Used To Sign CRLs, v1.0
Description Addresses the requirement for CSSes to sign responses using the same key size used by the CA to sign CRLs.
ID TD_CSSesSignResponsesWithSignatureKeySizeUsedToSignCRLs
Provider Reference
 TD  CSSes Sign Responses With Hash Algorithm Used To Sign CRLs, v1.0
Description Addresses the requirement for CSSes to sign responses using the same hash algorithm used by the CA to sign CRLs.
ID TD_CSSesSignResponsesWithHashAlgorithmUsedToSignCRLs
Provider Reference
 TD  Pre-signed OCSP Responses Using SHA-1, v1.0
Description Addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1.
ID TD_PresignedOCSPResponsesUsingSHA1
Provider Reference
 TD  End-entity PKI Certificate Minimum RSA Public Key Size (Expiring Before 2031), v1.0
Description This Trustmark Definition specifies a minimum RSA key size for public keys used with PKI.
ID TD_EndentityPKICertificateMinimumRSAPublicKeySizeExpiringBefore2031
Provider Reference
 TD  End-entity PKI Certificate Minimum DSA Public Key Size (Expiring Before 2031), v1.0
Description This Trustmark Definition specifies a minimum DSA key size for public keys used with PKI.
ID TD_EndentityPKICertificateMinimumDSAPublicKeySizeExpiringBefore2031
Provider Reference
 TD  End-entity PKI Certificate Minimum Diffie-Hellman Public Key Size (Expiring Before 2031), v1.0
Description This Trustmark Definition specifies a minimum Diffie-Hellman key size for PKI.
ID TD_EndentityPKICertificateMinimumDiffieHellmanPublicKeySizeExpiringBefore2031
Provider Reference
 TD  End-entity PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring Before 2031), v1.0
Description Addresses the requirement that end-entity certificates shall contain public keys that are at least 160 bits for elliptic curve algorithms.
ID TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySizeExpiringBefore2031
Provider Reference
 TD  PKI Certificate Minimum RSA Public Key Size (Expiring After 2030), v1.0
Description This Trustmark Definition specifies a minimum RSA key size for public keys used with PKI.
ID TD_PKICertificateMinimumRSAPublicKeySizeExpiringAfter2030
Provider Reference
 TD  PKI Certificate Minimum DSA Public Key Size (Expiring After 2030), v1.0
Description This Trustmark Definition specifies a minimum DSA key size for public keys used with PKI.
ID TD_PKICertificateMinimumDSAPublicKeySizeExpiringAfter2030
Provider Reference
 TD  PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring After 2030), v1.0
Description Addresses the requirement that end-entity certificates that expire after 12/31/2030 shall contain public keys that are at least 256 bits for elliptic curve algorithms.
ID TD_PKICertificateMinimumEllipticCurvePublicKeySizeExpiringAfter2030
Provider Reference
 TD  End-entity PKI Certificate Minimum RSA Public Key Size, v1.0
Description This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI.
ID TD_EndentityPKICertificateMinimumRSAPublicKeySize
Provider Reference
 TD  End-entity PKI Certificate Minimum DSA Public Key Size, v1.0
Description This Trustmark Definition specifies a minimum DSA key size for private keys used with PKI.
ID TD_EndentityPKICertificateMinimumDSAPublicKeySize
Provider Reference
 TD  End-entity PKI Certificate Minimum Elliptic Curve Public Key Size, v1.0
Description This Trustmark Definition specifies a minimum Elliptic Curve key size for private keys used with PKI.
ID TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySize
Provider Reference
 TD  End-entity PKI Certificate Public Keys Conform to NIST SP 800-78, v1.0
Description Addresses the requirement for all end-entity certificates associated with PKI to contain public keys that conform to NIST SP 800-78.
ID TD_EndentityPKICertificatePublicKeysConformtoNISTSP80078
Provider Reference
 TD  All end-entity PKI Certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78., v1.0
Description Addresses the requirement that all end-entity certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78.
ID TD_AllendentityPKICertificatesassociatedwithPKIshallcontainalgorithmsthatconformtoNISTSP80078
Provider Reference
 TD  Minimum Key Sizes for Protocols Providing Security for Certificate Policy Requirements, v1.0
Description This Trustmark Definition specifies minimum symmetric and asymmetric RSA key sizes for TLS and similar protocols used to protect PKI information.
ID TD_MinimumKeySizesforProtocolsProvidingSecurityforCertificatePolicyRequirements
Provider Reference