RSA BSAFE TLS-J MICRO EDITION

Transcription

1 RSA BSAFE TLS-J MICRO EDITION Cryptographic security toolkit helps enable established, state-of-the-art and memory-efficient cryptographic algorithms for resource-constrained devices. AT A GLANCE Designed specifically for Java platform, Micro Edition (Java ME) developers. Provides memory efficient implementations of established and state-of-the-art cryptographic algorithms for resource-constrained devices. OVERVIEW Protecting user privacy, sensitive information, application and firmware code, and other digital assets continues to be a major concern for developers. Manufacturers need to provide capabilities to protect the rights and revenue streams of publishers delivering applications and content for their platform. And devices need a secure way to authenticate with each other over networks and transfer information securely. The RSA BSAFE TLS-J Micro Edition software combines core security functionality, including cryptography, digital certificate-based authentication and non-repudiation, and secure transport over SSL/TLS to to help create a secure environment within applications without sacrificing performance, effectiveness and flexibility. Supports the Connected Device Configuration (CDC) and Connected Limited Device Configuration (CLDC) frameworks. Allows the user to develop with either Java Cryptography Extension (JCE) provider, or the proprietary RSA BSAFE API. KEY FEATURES Broad range of algorithms, ciphers and message digests Cryptographic syntax services Low memory consumption Data encoding services Provides flexibility to suit a wide variety of security needs. Complies with Public Key Cryptography Standards (PKCS), standards that define cryptographic processes for easy interoperability. Small memory footprint; optimized for resourceconstrained devices. Standard practices employed when data in cryptographic applications is transferred between individuals/devices; providing improved interoperability. Digital certificate support Support for requesting and parsing X.509 standard digital certificates. Authentication support TLS support Support for client and server authentication, as well as message authentication using the HMAC standard. Support for TLS client and server for protocol versions 1.0, 1.1, and 1.2 (CLDC only). Data Sheet

2 TECHNICAL FEATURES FIPS Security Level 1 Validated (CDC only) and Suite B compliant AES 128-bit and 256-bit keys for encryption; SHA-256 and SHA-384 for hashing ; ECDSA for digital signatures; ECDH for key exchange ; Fp curves using 256 or 384 prime modulus. Drop in FIPS 140 replacement for SUN JCE (CDC only) Supports both CDC and CLDC framework Support for X.509 certificates and X.509 CRL s Support for both TLS client and server for protocol versions 1.0, 1.1 and 1.2 (CLDC only). ALGORITHM SUPPORT Algorithms Types Named elliptic curves Prime Curve P-256, Prime Curve P-384, Prime Curve P-521 Asymmetric encryption and decryption Symmetric encryption and decryption Password-based encryption algorithms Digital signature schemes HMAC message authentication codes Message digests Random number generation Key generation options Key derivation options Key agreement options RSA 2-Prime with the following valid padding modes: ANSI X9.31, Optimal Asymmetric Encryption Padding (OAEP), and PKCS #1 Block02 Padding. Also supports ECIES with KDF2-XOR, and AES PKCS #12 Triple-DES, PKCS #12 RC2, and PKCS #12 RC4 ArcSoft TotalMedia Theatre 3 Blue Ray Player (Microsoft Windows) RSA algorithm with PKCS #1 v1.5, probabilistic signature scheme, and X9.31 using the following applicable common digests: MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. DSA and ECDSA algorithm with the following applicable digests: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 HMAC/MD5, HMAC/SHA-1, HMAC/SHA-224, HMAC/ SHA-256, HMAC/SHA-384, and HMAC/SHA-512 MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 FIPS based PRNG, dual EC DRBG, HMAC DRBG RSA X9.31, Diffie-Hellman, EC (ECDH, ECDHC, ECIES, and ECDSA), DSA Password-based key derivation function 2 with the following digests: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 Diffie-Hellman primitives, ECDH primitives, ECDHC primitives RSA Data Sheet page 2

3 TLS Cipher Suite Support TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA Note: All ECDHE_ECDSA cipher suites are supported on Prime Curve P-256 and Prime Curve P-384. Ports on other platforms, as well as assembly and custom algorithm optimizations, may be available please contact your RSA Sales Representative for further details. PLATFORM SUPPORT Java ME Specification CDC 1.1/foundation profile 1.1 CDC 1.1/foundation profile 1.1 with optional JCE Package CDC 1.1/foundation profile 1.1 with optional JCE package CDC 1.1/foundation profile 1.1 CDC 1.1/foundation profile 1.1 CLDC 1.1/mobile information device profile 2.0 CLDC 1.1/mobile information device profile 2.0 CLDC 1.1/mobile information device profile 2.0 CLDC 1.1/mobile information device profile 2.0 Device/Runtime Environment Java ME SDK 3.0 CDC emulator (Microsoft Windows XP SP3 x86) Java ME SDK 3.0 CDC emulator (Microsoft Windows XP SP3 x86) Multifunctional Embedded Application Platform SDK 3.6 (Canon s imagerunner) ArcSoft TotalMedia Theatre 3 Blue Ray Player (Microsoft Windows) Sony Playstation 3.0 CECH-2002A Sun Java wireless toolkit 2.5.2_01 for CLDC (Emulator) Microsoft Windows XP SP3 x86 Nokia E63 Nokia N95 Sony Ericsson T715a RSA Data Sheet page 3

4 ALGORITHMS RSA Data Sheet page 4

5 RSA Data Sheet page 5

6 NAMED CURVES RSA Data Sheet page6

7 SUPPORTED STANDARDS TLS CIPHER SUITES RSA Data Sheet page 7

8 RSA Data Sheet page 8

9 RSA Data Sheet page 9

10 ABOUT RSA RSA is the premier provider of security, risk and compliance solutions, helping the world s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, data loss prevention, encryption and tokenization, fraud protection and SIEM with industry leading egrc capabilities and consulting services, RSA brings trust and visibility to millions of user identities, the transactions that they perform and the data that is generated. EMC 2, EMC, BSAFE, RSA and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners EMC Corporation. All rights reserved. Published in the USA. H9043 TLSJME DS 1111