Tuesday, May 18, 2021

What is NSA Suite B Cryptography

The government of the United States of America produces technical advice on IT systems and security, including data encryption. The US National Security Agency (NSA) recommends a set of interoperable cryptographic algorithms in its Suite B standard.


The Suite B standard specifies a mode of operation in which only a specific set of secure cryptographic algorithms is used. The Suite B standard specifies:

The encryption algorithm (AES)

The key exchange algorithm (Elliptic Curve Diffie-Hellman, also known as ECDH)

The digital signature algorithm (Elliptic Curve Digital Signature Algorithm, also known as ECDSA)

The hashing algorithms (SHA-256 or SHA-384)

Additionally, the IETF RFC 6460 standard specifies Suite B compliant profiles which define the detailed application configuration and behavior necessary to comply with the Suite B standard. It defines two profiles:

A Suite B compliant profile for use with TLS version 1.2. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.

A transitional profile for use with TLS version 1.0 or TLS version 1.1. This profile enables interoperability with non-Suite B compliant servers. When configured for Suite B transitional operation, additional encryption and hashing algorithms may be used.
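The compliant profile can be expressed as a TLS client configuration plus a check on what a session actually negotiated. The following is an added example using Python's ssl module, not code from IBM or from the original post; the two OpenSSL cipher suite names are an assumption taken from RFC 6460's TLS 1.2 profile, and the sample sessions are constructed.

```python
import ssl

# ECDHE key exchange, ECDSA signatures, AES, SHA-256/384 (OpenSSL names).
# Assumption: these are the RFC 6460 TLS 1.2 suites; they are not listed on this page.
SUITE_B_TLS12 = (
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
)


def suite_b_context() -> ssl.SSLContext:
    """Client context pinned to TLS 1.2 and the Suite B cipher suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # no TLS 1.0/1.1 transitional fallback
    ctx.set_ciphers(":".join(SUITE_B_TLS12))
    return ctx


def tls12_ciphers(ctx: ssl.SSLContext) -> list:
    """Enabled TLS 1.2 suites. OpenSSL may still list TLS 1.3 suites here;
    they are filtered out because maximum_version makes them unusable."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2")


def audit_session(version: str, cipher: str) -> str:
    """Classify a negotiated pair, e.g. SSLSocket.version() and SSLSocket.cipher()[0]."""
    if version != "TLSv1.2":
        return "non-compliant: protocol " + version
    if cipher not in SUITE_B_TLS12:
        return "non-compliant: cipher " + cipher
    return "compliant"


# Constructed sample sessions, not captured from a real server.
SAMPLE_SESSIONS = [
    ("TLSv1.2", "ECDHE-ECDSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),  # RSA signature, not ECDSA
    ("TLSv1.1", "ECDHE-ECDSA-AES128-SHA"),       # transitional-style session
]

if __name__ == "__main__":
    print(tls12_ciphers(suite_b_context()))
    for version, cipher in SAMPLE_SESSIONS:
        print(version, cipher, "->", audit_session(version, cipher))
```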

The Suite B standard is conceptually similar to FIPS 140-2, because it restricts the set of enabled cryptographic algorithms in order to provide an assured level of security.

On Windows, UNIX and Linux® systems, WebSphere® MQ can be configured to conform to the Suite B compliant TLS 1.2 profile, but it does not support the Suite B transitional profile.

references:

https://www.ibm.com/docs/en/ibm-mq/7.5?topic=ssl-national-security-agency-suite-b-cryptography
