All modules
CMVP Validated Module · FIPS 140-3 Security Policy

nShield 5s Hardware Security Module

Certificate#4745StandardFIPS 140-3Level3TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorEntrust
Medium review priority  ·  exposes boot-chain verification, firmware-update authentication, debug/recovery interface, HSM/SE firmware trust anchor  ·  U-Boot upstream has published 10 CVEs since this module's initial validation  ·  last validated 15 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date7/30/2029
CaveatWhen installed, initialized and configured as specified in Section 11.3 of the Security Policy
VendorEntrust
Hardware versionsPCA10005-01 revision 03 and 04

Approved Algorithms (55)

AlgorithmACVP Cert
AES-CBCA2513
AES-CMACA2513
AES-CTRA2512
AES-ECBA2512
AES-ECBA2513
AES-GCMA2512
AES-GCMA2513
AES-KWA2513
AES-KWPA2513
DSA KeyGen (FIPS186-4)A2513
DSA PQGGen (FIPS186-4)A2513
DSA PQGVer (FIPS186-4)A2513
DSA SigGen (FIPS186-4)A2513
DSA SigVer (FIPS186-4)A2513
ECDSA KeyGen (FIPS186-4)A2513
ECDSA KeyVer (FIPS186-4)A2513
ECDSA SigGen (FIPS186-4)A2512
ECDSA SigGen (FIPS186-4)A2513
ECDSA SigVer (FIPS186-4)A2512
ECDSA SigVer (FIPS186-4)A2513
Hash DRBGA2513
HMAC-SHA-1A2513
HMAC-SHA2-224A2513
HMAC-SHA2-256A2512
HMAC-SHA2-256A2513
HMAC-SHA2-384A2513
HMAC-SHA2-512A2513
KAS-ECC Sp800-56Ar3A2513
KAS-ECC Sp800-56Ar3A2513
KAS-ECC-SSC Sp800-56Ar3A2512
KAS-FFC Sp800-56Ar3A2513
KAS-FFC Sp800-56Ar3A2513
KDF SP800-108A2513
KDF SSHA2512
KTS-IFCA2513
RSA KeyGen (FIPS186-4)A2513
RSA SigGen (FIPS186-4)A2513
RSA SigVer (FIPS186-4)A2404
RSA SigVer (FIPS186-4)A2513
RSA SigVer (FIPS186-4)A6385
Safe Primes Key GenerationA2513
Safe Primes Key VerificationA2513
SHA-1A2513
SHA2-224A2513
SHA2-256A2404
SHA2-256A2512
SHA2-256A2513
SHA2-256A6385
SHA2-384A2513
SHA2-512A2512
SHA2-512A2513
SHA3-224A2513
SHA3-256A2513
SHA3-384A2513
SHA3-512A2513

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification3
Cryptographic Module Interfaces3
Operational EnvironmentN/A
Physical Security3
Sensitive Security Parameter Management3
Self-Tests3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for nShield 5s Hardware Security Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>uboot-version 1.1.0 and uboot-version 1.4.1</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>updater receive<br/>updater load<br/>receive</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>nCoreAPI Show Status<br/>getlog<br/>python- zeroconf</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>PCIe bus<br/>Smartcard reader serial port</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for nShield 5s Hardware Security Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>uboot-version 1.1.0 and uboot-version 1.4.1</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>updater receive<br/>updater load<br/>receive</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>nCoreAPI Show Status<br/>getlog<br/>python- zeroconf</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>PCIe bus<br/>Smartcard reader serial port</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

nShield 5s Hardware Security Module ``

Page 2

Version: 1.0.5 Date: 08/01/2025 not been removed or altered. Words and logos marked with ® or ™ are trademarks of nCipher Security Limited or its affiliates in the EU and other countries. Mac and OS X are trademarks of Apple Inc., registered in the U.S. and other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Information in this document is subject to change without notice. nCipher Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. nCipher Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material. Where translations have been made in this document English is the canonical language. nCipher Security Limited Registered Office: One Station Square, Cambridge, CB1 2GA, United Kingdom Registered in England No. 11673268 nCipher is an Entrust company. Entrust, Datacard, and the Hexagon Logo are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respective owners. Because we are continuously improving our products and services, Entrust Corporation reserves the right to change specifications without prior notice. Entrust is an equal opportunity employer.

2 of 47

nShield 5s Hardware Security Module

Page 3

Contents nShield 5s Hardware Security Module

3 of 47
Page 4
Security level
NameISO SectionRequirementLevel
11General3
22Cryptographic Module Specification3
33Cryptographic Module Interfaces3
44Roles, Services and Authentication3
55Software/Firmware security3
66Operational EnvironmentN/A
77Physical Security3
88Non-invasive SecurityN/A
99Sensitive Security Parameter Management3
1010Self-Tests3
1111Life-cycle Assurance3
1212Mitigation of Other AttacksN/A

Security Module, i.e. the Cryptographic Module, to meet with the security requirements in FIPS 1403 and ISO/IEC 19790. The Cryptographic Module meets overall FIPS 140-3 Security Level 3. The following table specifies the security level in detail. N/A N/A N/A [Number Below] Table 1 Security levels

4 of 47

nShield 5s Hardware Security Module

Page 5
Module configuration
NameModelHardware VersionFirmware VersionFeatures
nShield 5s F3 model number nC5536EnShield 5s F3 model number nC5536EPCB Assembly Part Number: PCA10005- 01 PCB Assembly Revision: 03, 04primary: 13.2.4 recovery: 13.2.4 uboot: 1.1.0, 1.4.1PCIe form factor
nShield 5s for nShield 5c and for nShield HSMi model number nC5536NnShield 5s for nShield 5c and for nShield HSMi model number nC5536NPCIe form factor identical to the nShield 5s F3 (nC5536E), embedded inside the nShield 5c or the nShield HSMi network appliances.
2 Cryptographic module specification
2.1 Scope

The following product hardware variants and firmware version(s) are in scope of this Security Policy. PCA10005HSMi Table 2 Cryptographic Module Tested Configuration

2.2 Cryptographic module description

The nShield 5s Hardware Security Module (HSM) is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing. The nShield 5s HSM is also embedded inside the nShield 5c or the nShield HSMi, which are networkattached appliances delivering cryptographic services as a shared network resource for distributed applications and virtual machines, giving organizations a highly secure solution for establishing physical and logical controls for server-based systems. The table below shows the nShield 5s HSM (left, representative of the two hardware variants nC5536E,

5 of 47
Page 6
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES [FIPS 197] [SP 800-38A] [SP 800-38D]A2513ECB CBC GCMKey sizes: 128, 192, 256 bits.Data encryption/decryption
KTS (AES) [SP 800-38F] [SP 800-38D]A2513KW KWP GCMKey sizes: 128, 192, 256 bits. (Key establishment methodology provides between 128, 192, 256 bits of encryption strength.)Key wrapping/unwrapping
KTS-IFC [SP 800-56Brev2]A2513KTS-IFC (KTS-OAEP-basic) with SHA2- 224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512Modulus length: 2048, 3072, 4096 bits. (Key establishment methodology provides between 112 and 150 bits of encryption strength.)Key transport (encapsulation, un- encapsulation)
CKG [SP 800-133rev2]Vendor affirmedSection 6.1 "Direct Generation" of symmetric keysn/aSymmetric key generation
RSA keyGen [FIPS 186-4]A2513RSASSA-PKCS-v1_5, RSASSA-PSSModulus length: 2048, 3072, 4096 bits. (Provides 112, 128, 150 bits of strength.)Key generation
RSA SigGen [FIPS 186-4]A2513RSASSA-PKCS-v1_5, RSASSA-PSS with SHA2-224, SHA2-256, SHA2-384, SHA2-512Modulus length: 2048, 3072, 4096 bits. (Provides 112, 128, 150 bits of strength.)Signature generation
RSA SigVer [FIPS 186-4]A2513RSASSA-PKCS-v1_5, RSASSA-PSS with SHA-1 (legacy use only), SHA2-224, SHA2-256, SHA2-384, SHA2-512Modulus length: 1024 (legacy use only), 2048, 3072, 4096 bits.Signature verification
ECDSA KeyGen [FIPS 186-4]A2513n/aCurves: P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571 (Provides between 112 and 256 bits of encryption strength.)Key generation
ECDSA KeyVer [FIPS 186-4]A2513n/aCurves: P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571 (Provides between 112 and 256 bits of encryption strength.)Key verification
ECDSA SigGen [FIPS 186-4]A2513n/aCurves: P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571 (Provides between 112 and 256 bits of encryption strength.)Signature generation
ECDSA SigVer [FIPS 186-4]A2513n/aCurves: P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571Signature verification
DSA KeyGen [FIPS 186-4]A2513n/aL = 2048 bits, N = 224 bits L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bits (Provides between 112 and 128 bits of strength.)Key generation
DSA SigGen [FIPS 186-4]A2513Uses SHA2-224, SHA2-256, SHA2-384, SHA2-512L = 2048 bits, N = 224 bits L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bits (Provides between 112 and 128 bits of strength.)Signature generation
DSA SigVer [FIPS 186-4]A2513Uses SHA-1 (legacy use only), SHA2- 224, SHA2-256, SHA2-384, SHA2-512L = 1024 bits, N = 160 bits (legacy use only) L = 2048 bits, N = 224 bits L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bitsSignature verification
DSA PQGGenA2513n/aL = 2048 bits, N = 224 bitsDomain parameter generation
[FIPS 186-4]L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bits (Provides between 112 and 128 bits of strength.)
DSA PQGVer [FIPS 186-4]A2513n/aL = 1024 bits, N = 160 bits (legacy use only) L = 2048 bits, N = 224 bits L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bitsDomain parameter verification
HMAC [FIPS 198]A2513HMAC-SHA1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512Key sizes: 128 bits =< key size =< 2048 bits. Output length: 10 to 64 bytes. (Provides between 128 and 256 bits of strength.)MAC generation and verification
AES [SP 800-38B]A2513CMACKey sizes: 128, 192, 256 bits.MAC generation and verification
KAS-FFC [SP 800-56Arev3]A2513DHDomain params: MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192, FB, FC KDF: oneStep with auxiliary functions SHA2-224, SHA2-256, SHA2-384, SHA2-512 (Key establishment methodology provides between 112 and 200 bits of encryption strength.)Key agreement, compliant with IG D.F. Scenario 2, path 2.
KAS-FFC [SP 800-56Arev3]A2513DHDomain params: MODP-3072 KDF: oneStep with auxiliary function SHA2-256 (Key establishment methodology provides 128 bits of encryption strength.)Key agreement used in Impath channel, compliant with IG D.F. Scenario 2, path 2.
Safe Primes Key Generation [SP 800-56Arev3]A2513KeyGen for KAS-FFCSafe prime groups: MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 (Provides between 112 and 200 bits of encryption strength.)KAS-FFC key generation
Safe Primes Key Verification [SP 800-56Arev3]A2513KeyVer for KAS-FFCSafe prime groups: MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192KAS-FFC key verification
KAS-ECC [SP 800-56Arev3]A2513ECDH ECMQVCurves: P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571Key agreement, compliant with IG D.F. Scenario 2, path 2.
KAS-ECC [SP 800-56Arev3]A2513ECDHCurves: P-521 KDF: twoStep with auxiliary HMAC-SHA2-256 (Key establishment methodology provides 256 bits of encryption strength.)Key agreement for smartcard channel, compliant with IG D.F. Scenario 2, path 2.
KBKDF [SP 800-108rev1]A2513counter mode CMAC-AES256Key sizes: 128, 192, 256 bits. Output length: 128 bits. (Provides between 128 and 256 bits of strength.)Key derivation
SHS [FIPS 180-4]A2513SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512n/aMessage digest
SHA-3 [FIPS 202]A2513SHA3-224, SHA3-256, SHA3-384, SHA3-512n/aMessage digest
DRBG [SP 800-90Arev1]A2513Hash_DRBG256 bits of security strengthRandom bit generation
RSA SigVer [FIPS 186-4]A2404 A6385RSASSA-PKCS-v1_5 with SHA2-256Modulus length: 4096 bits (Provides 149 bits of strength)Signature verification
SHS [FIPS 180-4]A2404 A6385SHA2-256n/aMessage digest
AES [FIPS 197] [SP 800-38A] [SP 800-38D]A2512CTR GCM ECBKey sizes: 128 bitsData encryption/decryption
CKG [SP 800- 133rev2]Vendor affirmedSection 6.1 "Direct Generation" of symmetric keysn/aSymmetric key generation
ECDSA SigGen [FIPS 186-4]A2512n/aCurves: P-256, P-521 (Provides between 128 and 256 bits of strength.)Signature generation
ECDSA SigVer [FIPS 186-4]A2512n/aCurves: P-256, P-521 (Provides between 128 and 256 bits of strength.)Signature verification
HMAC [FIPS 198]A2512HMAC-SHA2-256Key sizes: 256 bits Output length: 32 bytes (Provides 256 bits of strength.)MAC generation and verification
KAS-ECC-SSC [SP 800- 56Arev3]A2512ECDHCurves: P-256 (Key establishment methodology provides 128 bits of encryption strength)Key agreement
CVL - Secure Shell (SSHv2) KDF [SP 800- 135rev1]A2512n/an/aKey derivation
KAS-ECC [SP 800- 56Arev3] [SP 800-135rev1]A2512ECDHCurves: P-256 KDF (CVL): SSHv2 (Key establishment methodology provides 128 bits of encryption strength)Key agreement, KAS-ECC-SSC (Cert. #A2512) in conjunction with SSHv2 KDF (CVL) of SP 800-135rev1 (Cert. #A2512), which is compliant with IG D.F. Scenario 2, path 2.
SHS [FIPS 180-4]A2512SHA2-256 SHA2-512n/aMessage digest

Figure 1 nShield 5s (left) and nShield 5c (right) The cryptographic boundary is delimited in red in the images in the table below. It is delimited by the heat sink and the outer edge of the potting material on the top and bottom of the PCB. Figure 2 Cryptographic module physical boundary The module enforces that only approved services are available and plaintext import/export of secret or private keys is not allowed. Refer to Approved mode of operation.

2.3 Supported cryptographic algorithms

This section describes the cryptographic mechanisms and security functions provided and used by the cryptographic module. 2.3.1 Approved algorithms The following tables describe the approved cryptographic algorithms supported by the Cryptographic Module. Note: All AES symmetric key sizes have equivalent strength. 2.3.1.1 nCore crypto

6 of 47

nShield 5s Hardware Security Module

Page 7

n/a n/a n/a n/a n/a n/a nShield 5s Hardware Security Module

7 of 47
Page 8
8 of 47

nShield 5s Hardware Security Module

Page 9

Table 3 nCore - Approved Algorithms Note: For AES GCM, the 96-bit IV is internally generated using the approved DRBG as per IG C.H. Note: ECDSA SigVer with P-192 has been CAVP-tested but is not used by any approved service of the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used by an approved service of the module. 2.3.1.2 Bootloader crypto n/a Table 4 Bootloader - Approved Algorithms nShield 5s Hardware Security Module

9 of 47
Page 10

2.3.1.3 SSH crypto 800symmetric keys n/a n/a n/a n/a 80056Arev3] Table 5 SSH - Approved Algorithms Note: As per IG D.C., no parts of this protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. Note: For AES GCM, the module is compliant with RFCs 4252, 4253 and 5647, and the IV is generated according to the SSHv2 protocol IV generation, as per IG C.H. In case the module’s power is lost and then restored, a new key for use with the AES-GCM encryption/decryption is established.

10 of 47

nShield 5s Hardware Security Module

Page 11
Approved algorithm
NameUse FunctionUse/Function
ECDSA [FIPS 186-4]• brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength)Key generation Signature generation and verification
KAS-ECC [SP 800-56Arev3]• brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength)Key agreement

2.3.2 Allowed algorithms The following table describes the allowed cryptographic algorithms supported by the Cryptographic Module. 2.3.2.1 nCore crypto

11 of 47
Page 12
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
PCIe busPCIe busData inputnCoreAPI, Updater, SSHAdmin
Data outputData outputnCoreAPI, SSHAdmin
Control inputControl inputnCoreAPI, SSHAdmin, Setup, Monitor, Discovery
Status outputStatus outputnCoreAPI, Updater, Setup, Monitor, Discovery
PowerPowern/a
Smartcard reader serial portSmartcard reader serial portData inputAPDU commands
Data outputData outputAPDU commands
Status LEDStatus LEDStatus outputn/a
Recovery buttonRecovery buttonControl inputn/a
BatteryBatteryPowern/a
3 Cryptographic module interfaces

The Cryptographic Module provides the following physical ports:

12 of 47

nShield 5s Hardware Security Module

Page 13
Service
NameRolesInputOutput
setup infoPCOInput argumentsVersioning information, return status code
setup factorystatePCOInput argumentsreturn status code
setup gettimePCOInput argumentsTime, return status code
setup settimePCOInput arguments, timereturn status code
sshadmin setPCOInput arguments, service, SSH client public keyreturn status code
sshadmin listPCOInput arguments, serviceSSH client public key, return status code
sshadmin get-serverkeyPCOInput arguments, serviceSSH server public key (KSSH_UPDATER, KSSH_SSHADMIN, KSSH_MONITOR, KSSH_SETUP), return status code
updater infoPCOInput argumentsVersioning information, return status code
updater receivePCOInput arguments, fw update filefw update file info, return status code
updater loadPCOInput arguments, fw update file inforeturn status code
monitor getlogPCOInput argumentsLogs, return status code
monitor clearlogPCOInput argumentsreturn status code
discovery python-zeroconfAllInput argumentsIP address, return status code
nCoreAPI Big number operationUCInput argumentsOperation result, return status code
nCoreAPI Make BlobUCInput arguments, key handleKey blob, return status code
nCoreAPI Bulk channelUCInput arguments, dataOperation result, return status code
nCoreAPI Check User ActionUCInput arguments, key handlereturn status code
nCoreAPI Clear UnitUCInput arguments, module modereturn status code
nCoreAPI Set Module KeyNSOInput arguments, key handlereturn status code
nCoreAPI Remove Module KeyNSOInput arguments, key hashreturn status code
nCoreAPI Duplicate key handleUCInput arguments, key handleKey handle, return status code
nCoreAPI Enable featureUCInput arguments, featuresreturn status code
nCoreAPI EncryptionUCInput arguments, mechanism, key handle, plaintext data, ivEncrypted data, return status code
nCoreAPI DecryptionUCInput arguments, mechanism, key handle, encrypted dataDecrypted data, return status code
nCoreAPI Erase from smartcard /softcardUCInput arguments, slot, file inforeturn status code
nCoreAPI Format TokenUCInput arguments, slotreturn status code
nCoreAPI File operationsUCInput arguments, file info, operationreturn status code
nCoreAPI Force module to failUCInput argumentsreturn status code
nCoreAPI Generate prime numberUCInput arguments, lengthBignumber, return status code
nCoreAPI Generate random numberUCInput arguments, lengthRandom bytes, return status code
nCoreAPI Get ACLUCInput arguments, key handleacl, return status code
nCoreAPI Get key application dataUCInput arguments, key handleApplication data, return status code
nCoreAPI Get challengeUCInput argumentsNonce, return status code
nCoreAPI Get KLF2UCInput argumentsKey handle, return status code
nCoreAPI Get Key InformationUCInput arguments, key handleKey info, return status code
nCoreAPI Get module signing keyUCInput argumentsKey handle, return status code
nCoreAPI Get list of slot in the moduleUCInput argumentsSlots info, return status code
nCoreAPI Get Logical Token InfoUCInput arguments, key handleLogical token info, return status code
nCoreAPI Get list of module keysUCInput argumentshash of KNSO (HKNSO), hash of module keys, return status code
nCoreAPI Get module stateUCInput argumentsModule attributes, return status code
nCoreAPI Get real time clockUCInput argumentstime, return status code
nCoreAPI Get share access control listUCInput arguments, slotacl, return status code
nCoreAPI Get Slot InformationUCInput arguments, slotsmartcard info, return status code
nCoreAPI Get TicketUCInput argumentsTicket, return status code
nCoreAPI Initialize UnitUCInput argumentsreturn status code
nCoreAPI Insert a SoftcardUCInput arguments, slotreturn status code
nCoreAPI Remove a SoftcardUCInput arguments, slotreturn status code
nCoreAPI Impath channelUCInput arguments, datadata, return status code
nCoreAPI Key generationUCInput arguments, key params, acl, app dataKey handle, key generation cert, return status code
nCoreAPI Key importUCInput arguments, wrapped key, acl, app dataKey handle, return status code
nCoreAPI Derive KeyUCInput arguments, mechanism, key handlesKey handle, return status code
nCoreAPI Load BlobUCInput arguments, blob dataKey handle, return status code
nCoreAPI Load Logical TokenUCInput arguments, logical token hashKey handle, return status code
nCoreAPI Generate Logical TokenUCInput argumentsLogical token hash, key handle, return status code
nCoreAPI Message digestUCInput arguments, mechanism, data to be hashedHashed data, return status code
nCoreAPI Modular ExponentiationUCInput argumentsOperation result, return status code
nCoreAPI Module hardware informationUCInput argumentsHw info, return status code
nCoreAPI No OperationUCInput argumentsreturn status code
nCoreAPI Change Share PassphraseUCInput arguments, slot, old pin, new pinreturn status code
nCoreAPI NVRAM AllocateNSOInput arguments, file info, aclreturn status code
nCoreAPI NVRAM FreeUCInput arguments, file namereturn status code
nCoreAPI Operation on NVM listUCInput argumentsFiles info, return status code
nCoreAPI Operation on NVM filesUCInput arguments, file name, operationOperation result, return status code
nCoreAPI Key exportUCInput arguments, key handleWrapped key, return status code
nCoreAPI Read fileUCInput arguments, file info, slotFile data, return status code
nCoreAPI Read shareUCInput arguments, slot, key handlereturn status code
nCoreAPI Send share to remote slotUCInput argumentsEncrypted share, return status code
nCoreAPI Receive share from remote slotUCInput arguments, encrypted sharereturn status code
nCoreAPI Redeem TicketUCInput arguments, ticketKey handle, return status code
nCoreAPI Remote AdministrationUCInput arguments, apdu payloadapdu payload, return status code
nCoreAPI DestroyUCInput arguments, key handlereturn status code
nCoreAPI Report statisticsUCInput argumentsStatistics, return status code
nCoreAPI Show StatusUCInput argumentsStatus and versioning info, return status code
nCoreAPI Set ACLUCInput arguments, key handle, aclreturn status code
nCoreAPI Set key application dataUCInput arguments, key handle, app datareturn status code
nCoreAPI Set NSO PermissionsNSOInput arguments, hash of KNSO (KNSO), permissionsreturn status code
nCoreAPI Signature generationUCInput arguments, mechanism, priv key handle, data to be signedSigned data, return status code
nCoreAPI Sign Module StateUCInput argumentsCertificate, return status code
nCoreAPI Signature verificationUCInput arguments, mechanism, pub key handle, data to be verifiedreturn status code
nCoreAPI Write fileNSOInput arguments, file info, slot, datareturn status code
nCoreAPI Write shareUCInput arguments, file info, slotData, return status code
4 Roles, services and authentication
4.1 Roles

The Cryptographic Module supports the following roles:

13 of 47
Page 14
14 of 47

nShield 5s Hardware Security Module

Page 15

nShield 5s Hardware Security Module

15 of 47
Page 16
Approved algorithm
NameUse Function
Authentication StrengthAuthentication MethodRole
The ciphersuites used are: ecdh-sha2-nistp256 , aes128-gcm@openssh.com, aes128-ctr@openssh.com, hmac- sha2-256-etm@openssh.com This results in a security strength of 128 bits. A random authentication attempt gives is a probability of success of 2-128, which is less than one in 1,000,000.ECDSA P-256, P-521 client key authentication as part of establishing an SSH based secure channel. Identity-based and required.PCO UC
Authentication StrengthAuthentication MethodRole
The module can process around 220 commands per minute. This gives a probability of success in a one minute period of 2-108, which is less than one in 100,000.
A logical token share stored in a Smartcard or Softcard is encrypted and MAC'ed. An attacker would need to guess the encrypted share value and the associated MAC in order to be able to load a valid Logical token share into the module. This requires, as a minimum, guessing a 256-bit HMAC-SHA256 value, which gives a security strength of 256 bits. A random authentication attempt gives is a probability of success of 2-256 , which is less than one in 1,000,000. The module can process around 220 commands per minute. This gives a probability of success in a one minute period of 2-236, which is less than 10-5, which is less than one in 100,000.smartcard authentication. Identity-based and required.NSO

Table 8 Roles, Service Commands, Input and Output

16 of 47

nShield 5s Hardware Security Module

Page 17
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
infoThis is a Show Module's Versioning Information service. This command prints out the contents of the board-id rom file and a number of flags that indicate which other setup subcommands have been previously executed as determined by the existence or non-existence of the relevant files in long-term storage. It also prints out the tag and value pairs of any options set with the setopt subcommand.PCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
factorystateThis is the Perform Zeroisation service. It zeroizes unprotected SSPs and returns the module to factory state. It then initiates a module reboot.PCOKRESET (note: any SSP that is derived from KRESET, or protected by an SSP derived from KRESET, will also be effectively zeroised.) KSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)Z E G (note: SSH server authentication keys are only generated on first reboot after areturn status code 0
Key generation (Cert. #A2513: ECDSA KeyGen, vendor affirmed: CKG)KSSH_SETUP, KSSH_SSHADMIN, KSSH_MONITOR, KSSH_UPDATER, KRESETKey generation (Cert. #A2513: ECDSA KeyGen, vendor affirmed: CKG)setup factorystate command)
settimeThis subcommand sets the system date and time.PCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
gettimeThis subcommand returns the system date and time.PCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
setLoads the client public key in the module, that will be used to authenticate the requester of a particular servicePCOKSSH_CLIENT pub KSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)W Ereturn status code 0
listObtains the client public key for the service given by the 'role' parameter.PCOKSSH_CLIENT pub KSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)R Ereturn status code 0
get- serverkeyObtains the server public key for the service given by the 'role' parameter.PCOKSSH_NCORE pub KSSH_UPDATER pub KSSH_SETUP pub KSSH_SSHADMIN pub KSSH_MONITOR pub KSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)R R R Ereturn status code 0
infoThis is a Show Module's Versioning Information service. Obtains the version number of the HSM firmware.PCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
receiveTransmits a file (intended to be an npkg upgrade file) to the HSM.PCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
loadVerifies that a file on the HSM filesystem is a valid npkg upgrade file and, if so loads the file onto its flash partition.PCONSBIK pub NPSK pub NFIK pub NLIK pub KSESSION - SSHDigital signature verification (Cert. #A2513: RSA SigVer, ECDSA SigVer) Data encryption/decryption (Cert. #A2512: AES) MAC generation / verification (Cert. #A2512: HMAC)E E E E Ereturn status code 0
getlogThis is the Show Status service. Obtains the log of the systemPCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
clearlogClears the log of the systemPCOKSESSION - SSHData encryption/decryption (Cert. #A2512: AES CTR, GCM) MAC generation / verification (Cert. #A2512: HMAC)Ereturn status code 0
python- zeroconfThe (logical) network connection between host and HSM uses TCP/IP protocols over the PCIe bus; however, for ease of setup it needs to avoid requiring IP configuration by the user. Therefore the HSM uses zeroconf: each end of the virtual 'network segment' has only a link-local (IPv4 and IPv6) address. The HSM's address can be discovered by the host using multicast DNS, responding to mDNS queries.Unauthenticatedreturn status code 0
Big number operation Cmd_BignumOpPerforms an operation on a large integer.UCreturn status OK
Make Blob Cmd_MakeBlobCreates a Key blob containing the key. Note that the key ACL needs to authorize the operation.UCKA, KRE_BLOBKEY, KR, KM, KNSO, LT BLOBKE, BLOBKMKey derivation (Cert. #A2513: KBKDF) Key wrapping (Cert. #A2513: AES CBC and HMAC, KTS-IFC)R Ereturn status OK
Bulk channel Cmd_ChannelOpen Cmd_ChannelUpdateProvides a bulk processing channel for crypto operationsUCKAEncryption and decryption (Cert. #A2513: AES ECB, CBC, GCM) MAC generation and verification (Cert. #A2513: HMAC, KMAC, AES CMAC) Digital signature generation and verification (Cert. #A2513: RSA, ECDSA, DSA)Ereturn status OK
Check User Action Cmd_CheckUserActionDetermines whether the ACL associated with a key allows a specific operator defined action.UCKNSO, KARreturn status OK
Clear Unit Cmd_ClearUnitThis is the Perform Self-tests service. Zeroises all keys, tokens and shares that are loaded in RAM. Will cause the moduleUCKA, KR, IMPATHKE, IMPATHKM, RAKME, RAKMAZreturn status OK
Set Module Key Cmd_SetKMAllows a key to be stored internally as a Module key (KM) value. The ACL needs to authorize this operation.NSOKMMessage digest (Cert. #A2513: SHA-1)Wreturn status OK
Remove Module Key Cmd_RemoveKMDeletes the KM with a given KM hash value from non- volatile memory.NSOKMZreturn status OK
Duplicate key handle Cmd_DuplicateCreates a second instance of a Key with the same ACL and returns a handle to the new instance. Note that the source key ACL needs to authorize this operation.UCKARreturn status OK
Enable feature Cmd_StaticFeatureEnableEnables the service. This service requires a certificate signed by the Master Feature Enable key.UCreturn status OK
Encryption Cmd_EncryptEncryption using the provided key handle.UCKAData encryption (Cert. #A2513: AES ECB, CBC, GCM)Ereturn status OK
Decryption Cmd_DecryptDecryption using the provided key handle.UCKAData decryption (Cert. #A2513: AES ECB, CBC, GCM)Ereturn status OK
Erase from smartcard /softcard Cmd_EraseFile Cmd_EraseShareRemoves a file or a share from a smartcard or softcardUCreturn status OK
Format Token Cmd_FormatTokenFormats a smartcard or a softcard.UCreturn status OK
File operations Cmd_FileCopy Cmd_FileCreate Cmd_FileErase Cmd_FileOpPerforms file operations in the module.UCreturn status OK
Force module to fail Cmd_FailCauses the module to enter a failure state.UCreturn status OK
Generate prime number Cmd_GeneratePrimeGenerates a random prime.UCDRBG entropy input, seed, internal state ('V' and 'C')Random bit generation (Cert. #A2513: DRBG)Ereturn status OK
Generate random numberGenerates a random number from the Approved DRBG.UCDRBG entropy input, seed,Random bit generation (Cert. #A2513: DRBG)Ereturn status OK
Cmd_GenerateRandominternal state ('V' and 'C')
Get ACL Cmd_GetACLGet the ACL of a given key.UCKARreturn status OK
Get key application data Cmd_GetAppDataGet the application data field from a key.UCKARreturn status OK
Get challenge Cmd_GetChallengeGet a random challenge that can be used in fresh certificates.UCDRBG entropy input, seed, internal state ('V' and 'C')Random bit generation (Cert. #A2513: DRBG)Ereturn status OK
Get KLF2 Cmd_GetKLF2Get a handle to the Module Long Term (KLF2) public key.UCreturn status OK
Get Key Information Cmd_GetKeyInfo Cmd_GetKeyInfoExGet the type, length and hash of a key.UCKAMessage digest (Cert. #A2513: SHA-1)Rreturn status OK
Get module signing key Cmd_GetKMLGet a handle to the KML public key.UCKMLRreturn status OK
Get list of slot in the module Cmd_GetSlotListGet the list of slots that are available from the module.UCreturn status OK
Get Logical Token Info Cmd_GetLogicalTokenInfo Cmd_GetLogicalTokenInfoExGet information about a Logical Token: hash, state and number of shares.UCLTMessage digest (Cert. #A2513: SHA-1)Rreturn status OK
Get list of module keys Cmd_GetKMListGet the list of the hashes of all module keys and the KNSO.UCKM, KNSO, HKNSOMessage digest (Cert. #A2513: SHA-1)Rreturn status OK
Get module state Cmd_GetModuleStateReturns unsigned data about the current state of the module.UCreturn status OK
Get real time clock Cmd_GetRTCGet the current time from the module Real Time Clock.UCreturn status OK
Get share access control list Cmd_GetShareACLGet the Share's ACL.UCSHAREKEYRreturn status OK
Get Slot Information Cmd_GetSlotInfoGet information about shares and files on a Smartcard that has been inserted in a module slot.UCreturn status OK
Get Ticket Cmd_GetTicketGet a ticket (an invariant identifier) for a key. This can be passed to another client or to a SEE World which can redeem it using RedeemUCreturn status OK
Initialize Unit Cmd_InitializeUnit Cmd_InitializeUnitExCauses the nCore API service in the pre-initialization state to enter the initialization state. When the module enters the initialization state, it erases all Module keys (KM), the module's signing key (KML), and the hash of the Security Officer's keys, HKNSO. It then generates a new KML and KM.UCKA, KRE_BLOBKEY, KR, KM, KAL, KML, KNSO, HKNSO, LTKey generation (Cert. #A2513: CKG, RSA, DSA) Message digest (Cert. #A2513: SHA-1)Z, Greturn status OK
Insert a Softcard Cmd_InsertSoftTokenAllocates memory on the module that is used to store the logical token share and other data objects.UCreturn status OK
Remove a Softcard Cmd_RemoveSoftTokenRemoves a Softcard from the module. It returns the updated shares and deletes them from the module’s memory.UCreturn status OK
Impath channel Cmd_ImpathGetInfo Cmd_ImpathKXBegin Cmd_ImpathKXFinish Cmd_ImpathReceive Cmd_ImpathSendSupport for Impath channel. Requires Feature Enabled.UCKML, IMPATHKE, IMPATHKMKey agreement (Cert. #A2513: KAS-FFC, Safe Primes Generation, Safe Primes Verification) Key derivation (Cert. #A2513: KBKDF) Data encryption and decryption (Cert. #A2513: AES CBC, GCM) MAC generation and verification (Cert. #A2513: HMAC-SHA256)G, Ereturn status OK
Key generation Cmd_GenerateKey Cmd_GenerateKeyPairGenerates a cryptographic key of a given type with a specified ACL. It returns a handle to the key. Optionally, it returns a KML signed certificate with the hash of the key and its ACL information.UCKML, KA, DRBG entropy input, seed, internal state ('V' and 'C')Key generation (Cert. #A2513: CKG, RSA, ECDSA, DSA, KAS-ECC, KAS-FFC, Safe Primes Generation) Digital signature generation (Cert. #A2513: DSA)Greturn status OK
Key import Cmd_ImportLoads a plain text key into the module. If the module is initialized in approved mode, this service is available for public keys only.UCKAWreturn status OK
Derive Key Cmd_DeriveKeyPerforms key wrapping, unwrapping, transport, exchange and derivation. The ACL needs to authorize this operation.UCKAKey derivation (Cert. #A2513: KBKDF)R, Wreturn status OK
Load Blob Cmd_LoadBlobLoad a Key blob into the module. It returns a handle to the key suitable for use with module services.UCKA, KRE_BLOBKEY, KR, KM, KNSO BLOBKE, BLOBKMKey derivation (Cert. #A2513: KBKDF) Key unwrapping (Cert. #A2513: AES CBC and HMAC, KTS-IFC)W Ereturn status OK
Load Logical Token Cmd_LoadLogicalTokenInitiates loading a Logical Token from Shares, which can be loaded with the Read Share command.UCreturn status OK
Generate Logical Token Cmd_GenerateLogicalTokenCreates a new Logical Token with given properties and secret sharing parameters.UCKM, LTKey generation (Cert. #A2513: CKG)G, Wreturn status OK
Message digest Cmd_HashComputes the cryptographic hash of a given message.UCMessage digest (Cert. #A2513: SHS)return status OK
Modular Exponentiation Cmd_ModExp Cmd_ModExpCrt Cmd_RSAImmedVerifyEncrypt Cmd_RSAImmedSignDecryptPerforms a modular exponentiation (standard or CRT) on values supplied with the command.UCreturn status OK
Module hardware information Cmd_ModuleInfoReports detailed hardware information.UCreturn status OK
No Operation Cmd_NoOpNo operation.UCreturn status OK
Change Share Passphrase Cmd_ChangeSharePIN Cmd_ChangeShareGroupPINUpdates the passphrase of a Share.UCSHAREKEY, LT, KMKey derivation (KBKDF) Key wrapping/unwrapping (Cert. #A2513: AES CBC and HMAC, KTS-IFC)G, E, R, Wreturn status OK
NVRAM Allocate Cmd_NVMemAllocateAllocation in NVRAM.NSOreturn status OK
NVRAM Free Cmd_NVMemFreeDeallocation from NVRAM.UCreturn status OK
Operation on NVM list Cmd_NVMemListReturns a list of files in NVRAM.UCreturn status OK
Operation on NVM files Cmd_NVMemOpOperation on an NVRAM file.UCreturn status OK
Key export Cmd_ExportExports a key in plain text. Note: in approved mode, only public keys can be exported.UCKARreturn status OK
Read file Cmd_ReadFileReads data from a file on a Smartcard or Softcard. The ACL needs to authorize this operation.UCreturn status OK
Read share Cmd_ReadShareReads a share from a Smartcard or Softcard. Once a quorum of shares have been loaded, the module re- assembles the Logical Token.UCSHAREKEY, LT, KMKey derivation (Cert. #A2513: KBKDF) Key unwrapping (Cert. #A2513: AES CBC and HMAC)G, E, Rreturn status OK
Send share to remote slot Cmd_SendShareReads a Share and encrypts it with the Impath session keys for transmission to the peer module.UCIMPATHKE, IMPATHKM, SHAREKEYData encryption(Cert. #A2513: AES CBC, GCM) MAC generation (Cert. #A2513: HMAC-SHA256)R, Ereturn status OK
Receive share from remote slot Cmd_ReceiveShareReceives a Share encrypted with the Impath session keys by a remote module.UCIMPATHKE, IMPATHKM, SHAREKEYData decryption (Cert. #A2513: AES CBC, GCM) MAC verification (Cert. #A2513: HMAC-SHA256)R, Ereturn status OK
Redeem Ticket Cmd_RedeemTicketGets a handle in the current name space for the object referred to by a ticket created by Get Ticket.UCreturn status OK
Remote Administration Cmd_DynamicSlotCreateAssociation Cmd_DynamicSlotExchangeAPDUs Cmd_DynamicSlotsConfigure Cmd_DynamicSlotsConfigureQuery Cmd_VerifyCertificateProvides remote presentation of Smartcards using a secure channel between the module and the Smartcard.UCRAKME, RAKMA, KWARN_pubKey agreement (Cert. #A2513: KAS-ECC ECDH) Key derivation (Cert. #A2513: KBKDF) Data encryption and decryption (Cert. #A2513: AES CBC) MAC generation and verification (Cert. #A2513: AES CMAC) Digital signature verification (Cert. #A2513: ECDSA)G, E Ereturn status OK
Destroy Cmd_DestroyRemove handle to an object in RAM. If the current handle isUCKA, KNSO, LTZreturn status OK
Report statistics Cmd StatGetValues Cmd_StatEnumTreeReports the values of the statistics tree.UCreturn status OK
Show Status Cmd_NewEnquiryThis is a Show Status and Show Module's Versioning Information service. Report status information.UCreturn status OK
Set ACL Cmd_SetACLReplaces the ACL of a given key with a new ACL. The ACL needs to authorize this operation.UCKAWreturn status OK
Set key application data Cmd_SetAppDataWrites the application information field of a key.UCKAWreturn status OK
Set NSO Permissions Cmd_SetNSOPermsSets the NSO key hash and which permissions require a Delegation Certificate.NSOHKNSOWreturn status OK
Signature generation Cmd_SignGenerate a digital signature or MAC value.UCKA, KNSOMAC generation (Cert. #A2513: HMAC, KMAC, AES CMAC) Digital signature generation (Cert. #A2513: RSA, ECDSA, DSA)Ereturn status OK
Sign Module State Cmd_SignModuleStateReturns a signed certificate that contains data about the current configuration of the module.UCKMLDigital signature generation (Cert. #A2513: DSA)Ereturn status OK
Signature verification Cmd_VerifyVerifies a digital signature or MAC value.UCKAMAC verification (Cert. #A2513: HMAC, KMAC, AES CMAC) Digital signature verification (Cert. #A2513: RSA, ECDSA, DSA)Ereturn status OK
Write file Cmd_WriteFileWrites a file to a Smartcard or Softcard.NSOreturn status OK
Write share Cmd_WriteShareWrites a Share to a Smartcard or Softcard.UCSHAREKEY, LT, KMKey derivation (Cert. #A2513: KBKDF) Key wrapping (Cert. #A2513: AES CBC and HMAC)G, E, Wreturn status OK
4.2 Services

The following table describes the services provided by the Cryptographic Module and the access policy. The Access column presents the access level given to the SSP G = Generate: The module generates or derives the SSP. E = Execute: The module uses the SSP in performing a cryptographic operation. 4.2.1 / / nShield 5s Hardware Security Module Z E G

17 of 47
Page 18

/ / Table 10 Approved Services as they only use approved mechanisms. 4.2.2 E E R R E Table 11 Approved Services

18 of 47

nShield 5s Hardware Security Module

Page 19

as they only use approved mechanisms. 4.2.3 Updater service E E E E E Table 12 Approved Services as they only use approved mechanisms. 4.2.4 Monitor service Table 13 Approved Services as they only use approved mechanisms. nShield 5s Hardware Security Module

19 of 47
Page 20

4.2.5 Discovery service pythonzeroconf Table 14 Approved Services as they only use approved mechanisms. 4.2.6 nCoreAPI service R E E R Z

20 of 47

nShield 5s Hardware Security Module

Page 21

R E E E E nShield 5s Hardware Security Module

21 of 47
Page 22
22 of 47

nShield 5s Hardware Security Module

Page 23

Z, G G, E G nShield 5s Hardware Security Module W R, W

23 of 47
Page 24
24 of 47
Page 25

R R, E R, E G, E E nShield 5s Hardware Security Module Z

25 of 47
Page 26

W W E E E Table 15 Approved Services Non-approved services will fail with a return an error code indicator "StrictFIPS140".

26 of 47

nShield 5s Hardware Security Module

Page 27

All nCore API services are sent through the SSH channel, performing security functions Data encryption/decryption, MAC generation / verification and access E (execute) of the session keys KSESSION - SSH. nShield 5s Hardware Security Module

27 of 47
Page 28
5 Software/Firmware security

The nShield 5s cryptographic module's executable code is delivered by Entrust as a single signed firmware package (.npkg file). The bootloader and firmware integrity is verified at start up using RSA with 4096 bit key and SHA2-256. The Library Partition is an internal storage area that contains a number of auxiliary files required for operation of the module. The integrity of the Library Partition is verified using ECDSA with curve P-521 and SHA2-512. Operators can initiate the integrity tests on demand by restarting the module.

28 of 47

nShield 5s Hardware Security Module

Page 29
6 Operational environment

Not applicable. The module has a limited operational environment, it is designed to accept only controlled firmware changes that successfully pass the software/firmware load test. nShield 5s Hardware Security Module

29 of 47
Page 30
Physical SecurityRecommendedInspection/Test Guidance Details
MechanismFrequency of
Inspection/Test
Hard and opaque epoxyMonthlyThe module should be inspected periodically for evidence of tamper attempts, including the entire enclosure including the epoxy resin security coating for obvious signs of damage.
Temperature or voltageSpecify EFP or EFTSpecify if this condition
measurementresults in a shutdown or
zeroisation
Low Temperature0ºCEFPShutdown
High Temperature95ºCEFPShutdown
Low Voltage2.463V (battery) 0V (PCIe)EFPShutdown
High Voltage3.553V (battery) 14.45V (PCIe)EFPShutdown
Hardness tested temperature measurement
Low Temperature0ºC
High Temperature95ºC

The product is a multi-chip embedded Cryptographic Module, as defined in FIPS 140-3. It is enclosed 3. The cryptographic module implements Environmental Failure Protections (EFP) which detect out of Table 16 Physical Security Inspection Guidelines 0ºC a Table 17 EFP/EFT 0ºC Table 18 Hardness testing temperature ranges

30 of 47

nShield 5s Hardware Security Module

Page 31
8 Non-invasive security

Not applicable. nShield 5s Hardware Security Module

31 of 47
Page 32
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageImport ExportKey/SSP/Name/TypeZeroisation
Key derivation256 bitsRe-settable key A2513DRBGn/aMSP430 FRAM, in plaintextNeverKRESET (CSP)factorystate
Encryption of all the service's server authentication SSH keys256 bitsGlobal SSH key encryption key AES-256 A2513Derived at start-up using KBKDF from KRESET and other fixed parametersn/aRAM, in plaintextNeverKUSER_SSH (CSP)Power cycle factorystate
SSH channel session128 bitsServer authentication SSH key for the Setup service ECDSA P-256 A2513 A2512DRBGn/aIn Flash, encrypted with KUSER_SSHPrivate key: never Public key: output via SSHAdmin serviceKSSH_SETUP (CSP)factorystate
SSH channel session128 bitsServer authentication SSH key for the Updater service ECDSA P-256 A2513 A2512DRBGn/aIn Flash, encrypted with KUSER_SSHPrivate key: never Public key: output via SSHAdmin serviceKSSH_UPDATER (CSP)factorystate
SSH channel session128 bitsServer authentication SSH key for the SSH Admin service ECDSA P-256 A2513 A2512DRBGn/aIn Flash, encrypted with KUSER_SSHPrivate key: never Public key: output via SSHAdmin serviceKSSH_SSHADMIN (CSP)factorystate
SSH channel session128 bitsServer authentication SSH key for the Monitor serviceDRBGn/aIn Flash, encrypted with KUSER_SSHPrivate key: never Public key: output viaKSSH_MONITOR (CSP)factorystate
ECDSA P-256 A2513 A2512ECDSA P-256 A2513 A2512SSHAdmin service
SSH channel data encryption and integrity128 bitsSSH channel session keys AES GCM or AES CTR, HMAC A2513n/aECDHRAM, in plaintextNeverKSESSION - SSH (CSP)Power cycle or channel closure factorystate
Firmware integrity test128 bitsBootloader public integrity key RSA 4096 bit A2404 A6385Entrustn/aFlash, in plaintextImport: Firmware update Export: NeverNSBIK pub (not an SSP)n/a
Firmware integrity test128 bitsFirmware public signature verification key RSA 4096 bit A2404 A6385Entrustn/aFlash, in plaintextImport: Firmware update Export: NeverNFIK pub (not an SSP)n/a
Firmware integrity test256 bitsLibrary public integrity key ECDSA P-521 A2513Entrustn/aFlash, in plaintextImport: Firmware update Export: NeverNLIK pub (not an SSP)n/a
Firmware loading test256 bitsPackage public signature verification key ECDSA P-521 A2513Entrustn/aFlash, in plaintextImport: Firmware update Export: NeverNPSK pub (PSP)n/a
SSH authentication credentials128 bitsClient authentication SSH key for each of the services (Updater, Setup, SSHAdmin, nCoreAPI) ECDSA P-256 A2513Client siden/aFlash, in plaintextThrough SSHAdmin serviceKSSH_CLIENT pub (PSP)factorystate
Random number generation> 256 bitsPlatform DRBG A2513520 bits from the approved Entropy Source.n/aRAM, in plaintextNeverDRBG entropy input (CSP)Power cycle factorystate
Random number generation256 bitsPlatform DRBG A2513Generated as per SP 800-90Arev1 with 696 bits from the approved Entropy Source: 520 bits entropy input 176 bits random noncen/aRAM, in plaintextNeverDRBG seed (CSP)Power cycle factorystate
Random number generation256 bitsPlatform DRBG A2513Generated as per SP 800- 90Arev1.n/aRAM, in plaintextNeverDRBG internal state ('V' and 'C' values) (CSP)Power cycle factorystate
Key derivation256 bitsMaster key for container A2513Derived at start-up using KBKDF from KRESET, container-id and other fixed value.n/aRAM, in plaintextNeverKCONTAINER (CSP)Power cycle factorystate
Encryption256 bitsEncryption key for KSSH_NCORE AES-256 A2513Derived at start-up using KBKDF from KCONTAINER, and other fixed value.n/aRAM, in plaintextNeverKCONTAINERSSH (CSP)Power cycle factorystate
SSH channel session128 bitsServer authentication ssh key for the nCore API service ECDSA P-256 A2513 A2512DRBGn/aIn Flash, encrypted with KCONTAINERSSHPrivate key: Never Public key output via SSH Admin serviceKSSH_NCORE (CSP)factorystate
ehFunction andntte
Key used to protect recovery keys (KR).128 bitsRecovery confidentialit y key RSA 3072 bit A2513DRBGn/aRAM, in plaintextImport: From key blob, decrypted with LTRE Export: in key blob, encrypted with LTREKRE_BLOBKEY (CSP)Power cycle Cmd_Destro y factorystate
Key used to derive (using SP 800- 108 KDF in counter mode) the keys Ke (AES 256-bit) and Km (HMAC-SHA256) that protect an archive copy of an application key.256 bitsRecovery key AES 256 A2513DRBGn/aRAM, in plaintextImport: From key blob, decrypted with KRE_BLOBKEY Export: in key blob, encrypted with KRE_BLOBKEYKR (CSP)Power cycle Cmd_Destro y factorystate
Encryption and decryption MAC generation and verification256 bitsSession keys for impath channel A2513n/aDHRAM, in plaintextNeverIMPATHKE IMPATHKM (CSP)Power cycle or channel closure factorystate
Application keys used for general purpose cryptographic services: • Encryption and decryption • Digital signature generation and verification • MAC generation and verification • Key derivation, key agreement .≥ 112 bitsApplication keys A2513DRBGn/aRAM, in plaintextImport: From key blob, decrypted with LTA or KR Export: in key blob, encrypted with LTA or KRKA (CSP)Power cycle Cmd_Destro y factorystate
ehFunction andntte
Key used for key derivation to protect logical tokens and associated module Key Blobs.256 bitsSecurity World module key AES 256 A2513DRBGn/aFlash, in plaintextImport: From key blob, decrypted with LTM Export: in key blob, encrypted with LTMKM (CSP)factorystate or Initialize Unit
Digital signature generation for key generation certificates and module state certificates.128 bitsModule Signing key DSA 3072 bit A2513DRBGn/aFlash, in plaintextNeverKML (CSP)factorystate or Initialize Unit
nShield Security Officer key used for NSO authorisation and Security World integrity128 bitsNSO key DSA 3072 bit A2513DRBGn/aRAM, in plaintextImport: From key blob, decrypted with LTNSO Export: in key blob, encrypted with LTNSOKNSO (CSP)Power cycle Cmd_Destro y factorystate
nShield Security Officer key used for NSO authorisation and Security World integrity160 bitsHash of public KNSO A2513n/aSecurity World creationFlash, in plaintextNeverHKNSO (PSP)factorystate or Initialize Unit
Key wrapping256 bitsKey blob encryption and MAC key AES 256 HMAC- SHA256 A2513n/aDerived from LTxRAM, in plaintextNeverBLOBKE BLOBKM (CSP)Power cycle factorystate
Key derivation256 bitsLogical token for key x AES 256 A2513DRBGFrom Shares using Shamir Secret ScheeRAM, in plaintextImport: From quorum of encrypted Shares using Shamir Secret Scheme Export: To encrypted Shares using Shamir Secret SchemeLTx (CSP)Power cycle Cmd_Destro y factorystate
Protects a share when written to a smartcard or softcard. This key is used to derive using KBKDF the keys Ke and Km used to wrap the share.256 bitsShare encryption and MAC keys AES 256 HMAC- SHA256 A2513n/aDerived from KM and other additional dataRAM, in plaintextNeverSHAREKEY (CSP)Power cycle factorystate
ehFunction andntte
Encryption and decryption MAC generation and verification256 bitsSession keys for remote admin channel AES 256 A2513n/aECDHRAM, in plaintextNeverRAKME RAKMA (CSP)Power cycle or channel closure factorystate
Digital signature generation of the audit trail.128 bitsAudit logging key DSA 3072-bit A2513DRBGn/aFlash, in plaintextNeverKAL (CSP)factorystate or Initialize Unit factorystate
Digital signature verification to authenticate remote cards.256 bitsEntrust root warranting public key for Administrator Cards and Operator Cards ECDSA P-521 A2513Entrustn/aFlash, in plaintext , as part of the firmware imageImport: fw update Export: neverKWARN pub (PSP)n/a protected
Random number generation256 bitsnCoreAPI DRBG A2513520 bits from Platform DRBGn/aRAM, in plaintextNeverDRBG entropy input (CSP)Power cycle factorystate
Random number generation256 bitsnCoreAPI DRBG A2513Generated as per SP 800- 90Arev1 with 696 bits from Platform DRBG: 520 bits entropy input 176 bits random noncen/aRAM, in plaintextNeverDRBG seed (CSP)Power cycle factorystate
Random number generation256 bitsnCoreAPI DRBG A2513Generated as per SP 800- 90Arev1.n/aRAM, in plaintextNeverDRBG internal state ('V' and 'C' values) (CSP)Power cycle factorystate
9 Sensitive security parameters management

This section defines the Sensitive Security Parameters (SSPs) managed by the cryptographic module. 9.1.1 Platform SSPs n/a n/a

32 of 47

nShield 5s Hardware Security Module

Page 33

n/a n/a n/a n/a n/a n/a > nShield 5s Hardware Security Module

33 of 47
Page 34

n/a n/a Table 19 Platform SSP table 9.1.1.1 Service SSPs The following SSPs are related to the nCore API service. & n/a n/a Table 20 nCoreAPI SSP table

34 of 47

nShield 5s Hardware Security Module

Page 35

9.1.1.2 Security World SSPs The following SSPs are related to the Security World in which the cryptographic module is enrolled into. e h t t y

35 of 47
Page 36
36 of 47
Page 37

e h t t n/a n/a 80090Arev1 n/a n/a 80090Arev1. Table 21 Security World SSP table As per IG 9.7.B, the zeroisation of SSPs is explicitly indicated by the successful return code of the setup factorystate command. Temporary SSPs are zeroised implicitly. nShield 5s Hardware Security Module

37 of 47
Page 38
Approved algorithm
NameKey Size
DetailsMinimum number of bitsEntropy sources
of entropyof entropy
Hardware entropy source compliant with SP 800-90B. 520 output bits are used for the entropy input of the DRBG, this is more than 256 bits of min-entropy.0.89 bits per output bitnShield 5s Physical True Random Number Generator ESV Cert. #E38
9.2 SSP zeroization methods

Zeroization of all unprotected SSPs keys occurs immediately when the module is reset to the factory state with the setup factorystate command. The cryptographic module has a hardware based true random number generator used to seed the DRBGs.

38 of 47
Page 39
Approved algorithm
NameDescription
Bootloader crypto (Cert. #A2404, #A6385)
SHA2-256Known Answer Test
RSAKnown Answer Test: verification RSASSA-PKCS-v1_5 with 4096 bit key and SHA2-256
nCore crypto (Cert. #A2513)
AES ECB encryptKnown Answer Test: encryption with 128, 192 and 256-bit keys
AES ECB decryptKnown Answer Test: decryption with 128, 192 and 256-bit keys
AES CMACKnown Answer Test: MAC generation/verification with 128-bit key
SHA-1Known Answer Test: SHA-1, other sizes are tested along with KAT HMAC
SHA-3Known Answer Test: SHA3-224, SHA3-256, SHA3-384, SHA3-512
HMAC with SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512Known Answer Test
RSAKnown Answer Test: sign/verify RSASSA-PKCS-v1_5 (SHA2-224, SHA2-256, SHA2-384, SHA2-512) with 2048-bit key Known Answer Test: encrypt/decrypt RSA-OAEP with 2048-bit key
DSAKnown Answer Test: sign/verify with 2048-bit key and SHA2-224
ECDSAKnown Answer Test: sign/verify with curves P-224 and B-233
KAS-FFCKnown Answer Test: DH Shared Secret Computation with MODP-2048, MODP-3072
KAS-ECCKnown Answer Test: ECDH Shared Secret Computation with curves P-256 and B-233
One-step KDFKnown Answer Test: with SHA2-256 auxiliary function
Two-step KDFKnown Answer Test: with HMAC-SHA256 auxiliary function
KBKDFKnown Answer Test: Counter KDF with CMAC-AES256
DRBGKnown Answer Test: instantiate, reseed, generate as per SP 800-90Arev1 section 11.3
SSH crypto (Cert. #A2512)
AES GCM encryptKnown Answer Test: encryption with 128 bit key
AES GCM decryptKnown Answer Test: decryption with 128 bit key
AES CTR encryptKnown Answer Test: encryption with 128 bit key
AES CTR decryptKnown Answer Test: decryption with 128 bit key
HMAC with SHA2-256 and SHA2-512Known Answer Test
KAS-ECCKnown Answer Test: ECDH Shared Secret Computation with curve P-256
ECDSAKnown Answer Test: sign/verify with curves P-256 and P-521
SSH KDFKnown Answer Test: with SHA2-256
FieldExpected value
primary-version13.2.4-280-7f4f0c24
FieldExpected value
recovery-version13.2.4-280-7f4f0c24
uboot-version1.1.0-1245-b9bedfa or 1.4.1-0-edb84d6e
FieldExpected value
product namenC5536E or nC5536N
hardware part noPCA10005-01 revision 03 or revision 04
FieldExpected value
buildpart"value": "PCA10005-01"
buildrev"value": "03" or "value": "04"
10 Self tests

The Cryptographic Module performs pre-operational, conditional and periodic self-tests. It also supports pre-operational self-tests on demand by resetting the module. In the event of a self-test failure, the module enters the error state. While in this state, the module does not process any commands, and will indicate the error on the status LED and the error log, which can be retrieved with the command monitor getlog.

10.1 Pre-operational self tests
10.1.1 Integrity tests

At start up, the following integrity tests are performed:

10.2 Conditional self tests
10.2.1 Crypto self tests

The following cryptographic algorithm self tests (CASTs) are run before the first use of any cryptographic mechanism. nShield 5s Hardware Security Module

39 of 47
Page 40
10.2.2 SP 800-90B health tests

At start up, the SP 800-90B Adaptive Proportion Test and Repetition Count Test are run on the output bits of the entropy source. These tests are also run continuously during operation of the entropy source.

10.2.3 Pair-wise consistency tests

The module performs a pair-wise consistency test when RSA (Cert. #A2513), DSA (Cert. #A2513), generated.

10.2.4 Firmware load test

Prior to updating the firmware, the cryptographic module validates the integrity and authenticity of the image update package. The module performs the following actions before replacing the current image:

40 of 47

nShield 5s Hardware Security Module

Page 41
10.3 Periodic self tests

The following self tests are run periodically every 24 hours:

41 of 47
Page 42
11 Life-cycle assurance

This section provides specific FIPS-related guidance to Administrators and Operators. This guidance is aimed to complement the product user and installation guides which are delivered with the cryptographic module.

11.1 Delivery

The nShield cryptographic module is sent to the customers using a standard carrier service. After accepting the delivery of the module, a physical inspection of the module shall be performed (refer to Physical Security section). This inspection is done to ensure that the module has not been tampered with during transit. If the inspection results indicate that the module has not been tampered with, the Administrator can then proceed with installation and configuration of the module. The cryptographic module supports firmware upgrades in the field, which are provided by Entrust as a single signed firmware package (.npkg file).

11.2 Cryptographic module identification

This section provides instructions to inspect the cryptographic module´s fw and hw version information and ensure they correspond with the FIPS 140-3 validated versions.

11.2.1 FW identification

The cryptographic module provides the service updater info which provides firmware version information in JSON format. Entrust provides the hsmadmin status command-line utility which calls the service updater info internally. hsmadmin status --json { "D5DE-E1F8-D6E7": { "succeeded": true, "data": { "mode": "primary", "uboot-version": "1.1.0-1245-b9bedfa" } } } The following fields in the output must be checked:

42 of 47

nShield 5s Hardware Security Module

Page 43
11.2.2 HW identification

The cryptographic module provides the command Cmd_NewEnquiry which reports hardware version information. Entrust provides the enquiry command-line utility which calls Cmd_NewEnquiry internally. The following fields in the output must be checked: Alternatively, the cryptographic module also provides the service setup info which provides hardware version information in JSON format. Entrust provides the hsmadmin info command-line utility which calls the service setup info internally. hsmadmin info --json { "15C8-4387-C748": { "eeprom": { ... , "buildpart": , "buildrev": { "value": "03", "crc": xxxxx } ... } } The following fields in the output must be checked: nShield 5s Hardware Security Module

43 of 47
Page 44
11.3 Approved mode of operation

To configure the cryptographic module in approved mode, the following steps are performed:

  1. When the cryptographic module is in factory state, it first needs to be initialized with the Entrust supplied utility hsmadmin enroll.
  2. Create a FIPS 140-3 level 3 compliant Security World using the Entrust supplied utility newworld, setting the mode to fips-140-level-3, e.g. new-world --mode=fips-140-level-3 An operator can verify that the module is configured in approved mode with the command line utility enquiry, which reports the following active modes: active modes StrictSP80056Ar3 UseFIPSApprovedInternalMechanisms FIPSLevel3Enforcedv2 Once a FIPS 140-3 level 3 Security World is created, it is not possible to switch into a non-compliant mode without first zeroising the unprotected SSPs.
11.4 End of life

Per FIPS 140-3 section 7.11.8, in the event that the module is no longer deployed or intended for further use, the Crypto Officer shall zeroize and destroy the module. The module shall be taken to an electronics recycling facility that offers (and assures) the physical destruction of e-waste.

44 of 47

nShield 5s Hardware Security Module

Page 45
12 Mitigation of other attacks

Not applicable. nShield 5s Hardware Security Module

45 of 47
Page 46

Contact Us Web site https://www.entrust.com Support https://nshieldsupport.entrust.com Email Support nShield.support@entrust.com Online documentation: Available from the Support site listed above. You can also contact our Support teams by telephone, using the following numbers: Europe, Middle East, and Africa United Kingdom: +44 1223 622 444 One Station Square Cambridge CB1 2GA UK Americas Toll Free: +1 833 425 1990 Fort Lauderdale: +1 954 953 5229 Sawgrass Commerce Center

13800 NW 14 Street

Sunrise FL 33323 USA Asia Pacific Australia: +61 9126 9070 World Trade Centre Northbank Wharf Siddeley St Melbourne VIC 3005 Australia Japan: +81 50 3196 4994 Hong Kong: +852 3008 4994 31/F, Hysan Place

500 Hennessy Road

Causeway Bay Hong Kong

46 of 47

nShield 5s Hardware Security Module

Page 47

To get help with Entrust nShield HSMs nShield.support@entrust.com nshieldsupport.entrust.com ABOUT ENTRUST CORPORATION Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing egovernment services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us.

Referenced URLs