| TIP: FBCA CP Section 6.1.5, Key Sizes

FBCA CP Section 6.1.5, Key Sizes, v2.27

Profile of requirements for the Federal Bridge Certificate Authority (FBCA) Certificate Policy (CP), FBCA CP Section 6.1.5, Key Sizes

Identifier

https://artifacts.trustmarkinitiative.org/lib/tips/fbca-cp-section-6.1.5_-key-sizes/2.27/

Publication Date

2018-10-30

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

404-407-8956

75 5th Street NW, Suite 900, Atlanta, GA 30308

Keywords

PIV-I, Security, Identity, Federal Bridge

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TD_OrganizationAcceptsFIPSapprovedSignatureAlgorithms and TD_MinimumRSAKeySizeforSelfSignedPKICertificates and TD_MinimumECDSAKeySizeforSelfSignedPKICertificates and TD_RSAEncryptionofPublickeysSelfSigned20102030Exception and TD_ECDSAEncryptionofPublickeysSelfSigned20102030Exception and TD_RSASignatureofPKICertificateRevocationLists and TD_DSASignatureofPKICertificateRevocationLists and TD_ECDSASignatureofPKICertificateRevocationLists and TD_MinimumCertificateSignatureRSAKeyLength and TD_MinimumCertificateSignatureECDSAKeyLength and TD_RSAEncryptionofPublicKeys and TD_ECDSAEncryptionofPublicKeys and TD_CertificateandRevocationListDigitalSignaturesPriorto2014 and TD_CertificateandRevocationListDigitalSignaturesPriorto2031 and TD_CertificateandRevocationListDigitalSignatures and TD_CertificateAuthoritiesThatAssertnonSHA1Policies and TD_CSSesSignResponsesWithSignatureAlgorithmUsedToSignCRLs and TD_CSSesSignResponsesWithSignatureKeySizeUsedToSignCRLs and TD_CSSesSignResponsesWithHashAlgorithmUsedToSignCRLs and TD_PresignedOCSPResponsesUsingSHA1 and TD_EndentityPKICertificateMinimumRSAPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumDSAPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumDiffieHellmanPublicKeySizeExpiringBefore2031 and TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySizeExpiringBefore2031 and TD_PKICertificateMinimumRSAPublicKeySizeExpiringAfter2030 and TD_PKICertificateMinimumDSAPublicKeySizeExpiringAfter2030 and TD_PKICertificateMinimumEllipticCurvePublicKeySizeExpiringAfter2030 and TD_EndentityPKICertificateMinimumRSAPublicKeySize and TD_EndentityPKICertificateMinimumDSAPublicKeySize and TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySize and TD_EndentityPKICertificatePublicKeysConformtoNISTSP80078 and TD_AllendentityPKICertificatesassociatedwithPKIshallcontainalgorithmsthatconformtoNISTSP80078 and TD_MinimumKeySizesforProtocolsProvidingSecurityforCertificatePolicyRequirements

References (33)

TD Organization Accepts FIPS-approved Signature Algorithms, v1.0
Description	Addresses the requirement for all FIPS-approved signature algorithms to be considered acceptable.
ID	TD_OrganizationAcceptsFIPSapprovedSignatureAlgorithms
Provider Reference

TD Minimum RSA Key Size for Self-Signed PKI Certificates, v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
ID	TD_MinimumRSAKeySizeforSelfSignedPKICertificates
Provider Reference

TD Minimum ECDSA Key Size for Self-Signed PKI Certificates, v1.0
Description	This Trustmark Definition specifies a minimum ECDSA public key size for PKI.
ID	TD_MinimumECDSAKeySizeforSelfSignedPKICertificates
Provider Reference

TD RSA Encryption of Public keys (Self-Signed 2010-2030 Exception), v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
ID	TD_RSAEncryptionofPublickeysSelfSigned20102030Exception
Provider Reference

TD ECDSA Encryption of Public keys (Self-Signed 2010-2030 Exception), v1.0
Description	This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID	TD_ECDSAEncryptionofPublickeysSelfSigned20102030Exception
Provider Reference

TD RSA Signature of PKI Certificate Revocation Lists, v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
ID	TD_RSASignatureofPKICertificateRevocationLists
Provider Reference

TD DSA Signature of PKI Certificate Revocation Lists, v1.0
Description	This Trustmark Definition specifies a minimum DSA key size for private keys use with PKI.
ID	TD_DSASignatureofPKICertificateRevocationLists
Provider Reference

TD ECDSA Signature of PKI Certificate Revocation Lists, v1.0
Description	This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID	TD_ECDSASignatureofPKICertificateRevocationLists
Provider Reference

TD Minimum Certificate Signature RSA Key Length, v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
ID	TD_MinimumCertificateSignatureRSAKeyLength
Provider Reference

TD Minimum Certificate Signature ECDSA Key Length, v1.0
Description	This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID	TD_MinimumCertificateSignatureECDSAKeyLength
Provider Reference

TD RSA Encryption of Public Keys, v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
ID	TD_RSAEncryptionofPublicKeys
Provider Reference

TD ECDSA Encryption of Public Keys, v1.0
Description	This Trustmark Definition specifies a minimum ECDSA key size for PKI.
ID	TD_ECDSAEncryptionofPublicKeys
Provider Reference

TD Certificate and Revocation List Digital Signatures (Prior to 2014), v1.0
Description	Addresses the requirement for CAs that generate certificates and CRLs to use SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512 hash algorithm when generating digital signatures.
ID	TD_CertificateandRevocationListDigitalSignaturesPriorto2014
Provider Reference

TD Certificate and Revocation List Digital Signatures (Prior to 2031), v1.0
Description	This Trustmark Definition specifies a minimum Hash Algorithm standard for generating signatures on certificates.
ID	TD_CertificateandRevocationListDigitalSignaturesPriorto2031
Provider Reference

TD Certificate and Revocation List Digital Signatures, v1.0
Description	Addresses acceptable hash algorithms for use with PKI.
ID	TD_CertificateandRevocationListDigitalSignatures
Provider Reference

TD Certificate Authorities That Assert non-SHA1 Policies, v1.0
Description	This Trustmark Definition specifies a minimum Hash Algorithm standard for generating signatures on certificates.
ID	TD_CertificateAuthoritiesThatAssertnonSHA1Policies
Provider Reference

TD CSSes Sign Responses With Signature Algorithm Used To Sign CRLs, v1.0
Description	Addresses the requirement for CSSes to sign responses using the same signature algorithm used by the CA to sign CRLs.
ID	TD_CSSesSignResponsesWithSignatureAlgorithmUsedToSignCRLs
Provider Reference

TD CSSes Sign Responses With Signature Key Size Used To Sign CRLs, v1.0
Description	Addresses the requirement for CSSes to sign responses using the same key size used by the CA to sign CRLs.
ID	TD_CSSesSignResponsesWithSignatureKeySizeUsedToSignCRLs
Provider Reference

TD CSSes Sign Responses With Hash Algorithm Used To Sign CRLs, v1.0
Description	Addresses the requirement for CSSes to sign responses using the same hash algorithm used by the CA to sign CRLs.
ID	TD_CSSesSignResponsesWithHashAlgorithmUsedToSignCRLs
Provider Reference

TD Pre-signed OCSP Responses Using SHA-1, v1.0
Description	Addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1.
ID	TD_PresignedOCSPResponsesUsingSHA1
Provider Reference

TD End-entity PKI Certificate Minimum RSA Public Key Size (Expiring Before 2031), v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for public keys use with PKI.
ID	TD_EndentityPKICertificateMinimumRSAPublicKeySizeExpiringBefore2031
Provider Reference

TD End-entity PKI Certificate Minimum DSA Public Key Size (Expiring Before 2031), v1.0
Description	This Trustmark Definition specifies a minimum DSA key size for public keys use with PKI.
ID	TD_EndentityPKICertificateMinimumDSAPublicKeySizeExpiringBefore2031
Provider Reference

TD End-entity PKI Certificate Minimum Diffie-Hellman Public Key Size (Expiring Before 2031), v1.0
Description	This Trustmark Definition specifies a minimum Diffie-Hellman key size for PKI.
ID	TD_EndentityPKICertificateMinimumDiffieHellmanPublicKeySizeExpiringBefore2031
Provider Reference

TD End-entity PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring Before 2031), v1.0
Description	Addresses the requirement for end-entity certificates shall contain public keys that are at least 160 bits for elliptic curve algorithms.
ID	TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySizeExpiringBefore2031
Provider Reference

TD PKI Certificate Minimum RSA Public Key Size (Expiring After 2030), v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for public keys use with PKI.
ID	TD_PKICertificateMinimumRSAPublicKeySizeExpiringAfter2030
Provider Reference

TD PKI Certificate Minimum DSA Public Key Size (Expiring After 2030), v1.0
Description	This Trustmark Definition specifies a minimum DSA key size for public keys use with PKI.
ID	TD_PKICertificateMinimumDSAPublicKeySizeExpiringAfter2030
Provider Reference

TD PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring After 2030), v1.0
Description	Addresses the requirement for end-entity certificates that expire after 12/31/2030 shall contain public keys that are at least 256 bits for elliptic curve algorithms.
ID	TD_PKICertificateMinimumEllipticCurvePublicKeySizeExpiringAfter2030
Provider Reference

TD End-entity PKI Certificate Minimum RSA Public Key Size, v1.0
Description	This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
ID	TD_EndentityPKICertificateMinimumRSAPublicKeySize
Provider Reference

TD End-entity PKI Certificate Minimum DSA Public Key Size, v1.0
Description	This Trustmark Definition specifies a minimum DSA key size for private keys use with PKI.
ID	TD_EndentityPKICertificateMinimumDSAPublicKeySize
Provider Reference

TD End-entity PKI Certificate Minimum Elliptic Curve Public Key Size, v1.0
Description	This Trustmark Definition specifies a minimum Elliptic Curve key size for private keys use with PKI.
ID	TD_EndentityPKICertificateMinimumEllipticCurvePublicKeySize
Provider Reference

TD End-entity PKI Certificate Public Keys Conform to NIST SP 800-78, v1.0
Description	Addresses the requirement for all end-entity certificates associated with PKI to contain public keys that conform to NIST SP 800-78.
ID	TD_EndentityPKICertificatePublicKeysConformtoNISTSP80078
Provider Reference

TD All end-entity PKI Certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78., v1.0
Description	Addresses the requirement for all end-entity certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78.
ID	TD_AllendentityPKICertificatesassociatedwithPKIshallcontainalgorithmsthatconformtoNISTSP80078
Provider Reference

TD Minimum Key Sizes for Protocols Providing Security for Certificate Policy Requirements, v1.0
Description	This Trustmark Definition specifies minimum symmetric and asymmetric RSA key sizes for TLS and similar protocols used to protect PKI information.
ID	TD_MinimumKeySizesforProtocolsProvidingSecurityforCertificatePolicyRequirements
Provider Reference

Also available as XML or JSON