FBCA CP Section 6.1.5, Key Sizes, v2.27
Profile of requirements for the Federal Bridge Certificate Authority (FBCA) Certificate Policy (CP), FBCA CP Section 6.1.5, Key Sizes
Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/fbca-cp-section-6.1.5_-key-sizes/2.27/ |
Publication Date | 2018-10-30 |
Issuing Organization | Trustmark Initiative (https://trustmarkinitiative.org/) |
Keywords | PIV-I, Security, Identity, Federal Bridge |
Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Trust Expression:
TD_OrganizationAcceptsFIPSapprovedSignatureAlgorithms and TD_MinimumRSAKeySizeforSelfSignedPKICertificates and TD_MinimumECDSAKeySizeforSelfSignedPKICertificates and TD_RSAEncryptionofPublickeysSelfSigned20102030Exception and TD_ECDSAEncryptionofPublickeysSelfSigned20102030Exception and TD_RSASignatureofPKICertificateRevocationLists and TD_DSASignatureofPKICertificateRevocationLists and TD_ECDSASignatureofPKICertificateRevocationLists and TD_MinimumCertificateSignatureRSAKeyLength and TD_MinimumCertificateSignatureECDSAKeyLength and TD_RSAEncryptionofPublicKeys and TD_ECDSAEncryptionofPublicKeys and TD_CertificateandRevocationListDigitalSignaturesPriorto2014 and TD_CertificateandRevocationListDigitalSignaturesPriorto2031 and TD_CertificateandRevocationListDigitalSignatures and TD_CertificateAuthoritiesThatAssertnonSHA1Policies and TD_CSSesSignResponsesWithSignatureAlgorithmUsedToSignCRLs and TD_CSSesSignResponsesWithSignatureKeySizeUsedToSignCRLs and TD_CSSesSignResponsesWithHashAlgorithmUsedToSignCRLs and TD_PresignedOCSPResponsesUsingSHA1 and TD_EndentityPKICertificateMinimumRSAPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumDSAPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumDiffieHellmanPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySizeExpiringBefore2031 and TD_PKICertificateMinimumRSAPublicKeySizeExpiringAfter2030 and TD_PKICertificateMinimumDSAPublicKeySizeExpiringAfter2030 and TD_PKICertificateMinimumEllipticCurvePublicKeySizeExpiringAfter2030 and TD_EndentityPKICertificateMinimumRSAPublicKeySize and TD_EndentityPKICertificateMinimumDSAPublicKeySize and TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySize and TD_EndentityPKICertificatePublicKeysConformtoNISTSP80078 and TD_AllendentityPKICertificatesassociatedwithPKIshallcontainalgorithmsthatconformtoNISTSP80078 and TD_MinimumKeySizesforProtocolsProvidingSecurityforCertificatePolicyRequirements
References (33)
TD Organization Accepts FIPS-approved Signature Algorithms, v1.0 | |
---|---|
Description | Addresses the requirement for all FIPS-approved signature algorithms to be considered acceptable. |
ID | TD_OrganizationAcceptsFIPSapprovedSignatureAlgorithms |
Provider Reference |
TD Minimum RSA Key Size for Self-Signed PKI Certificates, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI. |
ID | TD_MinimumRSAKeySizeforSelfSignedPKICertificates |
Provider Reference |
TD Minimum ECDSA Key Size for Self-Signed PKI Certificates, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum ECDSA public key size for PKI. |
ID | TD_MinimumECDSAKeySizeforSelfSignedPKICertificates |
Provider Reference |
TD RSA Encryption of Public keys (Self-Signed 2010-2030 Exception), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI. |
ID | TD_RSAEncryptionofPublickeysSelfSigned20102030Exception |
Provider Reference |
TD ECDSA Encryption of Public keys (Self-Signed 2010-2030 Exception), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum ECDSA key size for PKI. |
ID | TD_ECDSAEncryptionofPublickeysSelfSigned20102030Exception |
Provider Reference |
TD RSA Signature of PKI Certificate Revocation Lists, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI. |
ID | TD_RSASignatureofPKICertificateRevocationLists |
Provider Reference |
TD DSA Signature of PKI Certificate Revocation Lists, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum DSA key size for private keys used with PKI. |
ID | TD_DSASignatureofPKICertificateRevocationLists |
Provider Reference |
TD ECDSA Signature of PKI Certificate Revocation Lists, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum ECDSA key size for PKI. |
ID | TD_ECDSASignatureofPKICertificateRevocationLists |
Provider Reference |
TD Minimum Certificate Signature RSA Key Length, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI. |
ID | TD_MinimumCertificateSignatureRSAKeyLength |
Provider Reference |
TD Minimum Certificate Signature ECDSA Key Length, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum ECDSA key size for PKI. |
ID | TD_MinimumCertificateSignatureECDSAKeyLength |
Provider Reference |
TD RSA Encryption of Public Keys, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI. |
ID | TD_RSAEncryptionofPublicKeys |
Provider Reference |
TD ECDSA Encryption of Public Keys, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum ECDSA key size for PKI. |
ID | TD_ECDSAEncryptionofPublicKeys |
Provider Reference |
TD Certificate and Revocation List Digital Signatures (Prior to 2014), v1.0 | |
---|---|
Description | Addresses the requirement for CAs that generate certificates and CRLs to use SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512 hash algorithm when generating digital signatures. |
ID | TD_CertificateandRevocationListDigitalSignaturesPriorto2014 |
Provider Reference |
TD Certificate and Revocation List Digital Signatures (Prior to 2031), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum Hash Algorithm standard for generating signatures on certificates. |
ID | TD_CertificateandRevocationListDigitalSignaturesPriorto2031 |
Provider Reference |
TD Certificate and Revocation List Digital Signatures, v1.0 | |
---|---|
Description | Addresses acceptable hash algorithms for use with PKI. |
ID | TD_CertificateandRevocationListDigitalSignatures |
Provider Reference |
TD Certificate Authorities That Assert non-SHA1 Policies, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum Hash Algorithm standard for generating signatures on certificates. |
ID | TD_CertificateAuthoritiesThatAssertnonSHA1Policies |
Provider Reference |
TD CSSes Sign Responses With Signature Algorithm Used To Sign CRLs, v1.0 | |
---|---|
Description | Addresses the requirement for CSSes to sign responses using the same signature algorithm used by the CA to sign CRLs. |
ID | TD_CSSesSignResponsesWithSignatureAlgorithmUsedToSignCRLs |
Provider Reference |
TD CSSes Sign Responses With Signature Key Size Used To Sign CRLs, v1.0 | |
---|---|
Description | Addresses the requirement for CSSes to sign responses using the same key size used by the CA to sign CRLs. |
ID | TD_CSSesSignResponsesWithSignatureKeySizeUsedToSignCRLs |
Provider Reference |
TD CSSes Sign Responses With Hash Algorithm Used To Sign CRLs, v1.0 | |
---|---|
Description | Addresses the requirement for CSSes to sign responses using the same hash algorithm used by the CA to sign CRLs. |
ID | TD_CSSesSignResponsesWithHashAlgorithmUsedToSignCRLs |
Provider Reference |
TD Pre-signed OCSP Responses Using SHA-1, v1.0 | |
---|---|
Description | Addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1. |
ID | TD_PresignedOCSPResponsesUsingSHA1 |
Provider Reference |
TD End-entity PKI Certificate Minimum RSA Public Key Size (Expiring Before 2031), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for public keys used with PKI. |
ID | TD_EndentityPKICertificateMinimumRSAPublicKeySizeExpiringBefore2031 |
Provider Reference |
TD End-entity PKI Certificate Minimum DSA Public Key Size (Expiring Before 2031), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum DSA key size for public keys used with PKI. |
ID | TD_EndentityPKICertificateMinimumDSAPublicKeySizeExpiringBefore2031 |
Provider Reference |
TD End-entity PKI Certificate Minimum Diffie-Hellman Public Key Size (Expiring Before 2031), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum Diffie-Hellman key size for PKI. |
ID | TD_EndentityPKICertificateMinimumDiffieHellmanPublicKeySizeExpiringBefore2031 |
Provider Reference |
TD End-entity PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring Before 2031), v1.0 | |
---|---|
Description | Addresses the requirement that end-entity certificates shall contain public keys that are at least 160 bits for elliptic curve algorithms. |
ID | TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySizeExpiringBefore2031 |
Provider Reference |
TD PKI Certificate Minimum RSA Public Key Size (Expiring After 2030), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for public keys used with PKI. |
ID | TD_PKICertificateMinimumRSAPublicKeySizeExpiringAfter2030 |
Provider Reference |
TD PKI Certificate Minimum DSA Public Key Size (Expiring After 2030), v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum DSA key size for public keys used with PKI. |
ID | TD_PKICertificateMinimumDSAPublicKeySizeExpiringAfter2030 |
Provider Reference |
TD PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring After 2030), v1.0 | |
---|---|
Description | Addresses the requirement that end-entity certificates that expire after 12/31/2030 shall contain public keys that are at least 256 bits for elliptic curve algorithms. |
ID | TD_PKICertificateMinimumEllipticCurvePublicKeySizeExpiringAfter2030 |
Provider Reference |
TD End-entity PKI Certificate Minimum RSA Public Key Size, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum RSA key size for private keys used with PKI. |
ID | TD_EndentityPKICertificateMinimumRSAPublicKeySize |
Provider Reference |
TD End-entity PKI Certificate Minimum DSA Public Key Size, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum DSA key size for private keys used with PKI. |
ID | TD_EndentityPKICertificateMinimumDSAPublicKeySize |
Provider Reference |
TD End-entity PKI Certificate Minimum Elliptic Curve Public Key Size, v1.0 | |
---|---|
Description | This Trustmark Definition specifies a minimum Elliptic Curve key size for private keys used with PKI. |
ID | TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySize |
Provider Reference |
TD End-entity PKI Certificate Public Keys Conform to NIST SP 800-78, v1.0 | |
---|---|
Description | Addresses the requirement for all end-entity certificates associated with PKI to contain public keys that conform to NIST SP 800-78. |
ID | TD_EndentityPKICertificatePublicKeysConformtoNISTSP80078 |
Provider Reference |
TD All end-entity PKI Certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78., v1.0 | |
---|---|
Description | Addresses the requirement that all end-entity certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78. |
ID | TD_AllendentityPKICertificatesassociatedwithPKIshallcontainalgorithmsthatconformtoNISTSP80078 |
Provider Reference |
TD Minimum Key Sizes for Protocols Providing Security for Certificate Policy Requirements, v1.0 | |
---|---|
Description | This Trustmark Definition specifies minimum symmetric and asymmetric RSA key sizes for TLS and similar protocols used to protect PKI information. |
ID | TD_MinimumKeySizesforProtocolsProvidingSecurityforCertificatePolicyRequirements |
Provider Reference |