All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Libgcrypt cryptography module for AlmaLinux 9

Certificate#5060StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCloudlinux Inc., TuxCare division
Low review priority  ·  no TCB surface named  ·  libgcrypt upstream has published 2 CVEs since this module's initial validation  ·  last validated 1 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/16/2030
CaveatWhen operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
VendorCloudlinux Inc., TuxCare division

Approved Algorithms (47)

AlgorithmACVP Cert
AES-CBCA5138
AES-CCMA5138
AES-CFB128A5138
AES-CFB8A5138
AES-CMACA5138
AES-CTRA5138
AES-ECBA5138
AES-KWA5138
AES-OFBA5138
AES-XTS Testing Revision 2.0A5138
Counter DRBGA5138
ECDSA KeyGen (FIPS186-5)A5138
ECDSA KeyVer (FIPS186-5)A5138
ECDSA SigGen (FIPS186-5)A5138
ECDSA SigVer (FIPS186-5)A5138
Hash DRBGA5138
HMAC DRBGA5138
HMAC-SHA-1A5137
HMAC-SHA2- 224A5138
HMAC-SHA2- 256A5138
HMAC-SHA2- 384A5138
HMAC-SHA2- 512A5138
HMAC-SHA2- 512/224A5138
HMAC-SHA2- 512/256A5138
HMAC-SHA3- 224A5140
HMAC-SHA3- 256A5140
HMAC-SHA3- 384A5140
HMAC-SHA3- 512A5140
PBKDFA5138
RSA KeyGen (FIPS186-5)A5138
RSA SigGen (FIPS186-5)A5138
RSA SigVer (FIPS186-2)A5138
RSA SigVer (FIPS186-4)A5138
RSA SigVer (FIPS186-5)A5138
SHA-1A5137
SHA2-224A5138
SHA2-256A5138
SHA2-384A5138
SHA2-512A5138
SHA2-512/224A5138
SHA2-512/256A5138
SHA3-224A5140
SHA3-256A5140
SHA3-384A5140
SHA3-512A5140
SHAKE-128A5140
SHAKE-256A5140

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Libgcrypt cryptography module for AlmaLinux 9
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric encryption and decryption<br/>Symmetric encryption and decryption with AES XTS…<br/>Show status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Libgcrypt cryptography module for AlmaLinux 9
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric encryption and decryption<br/>Symmetric encryption and decryption with AES XTS…<br/>Show status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Cloudlinux Inc., TuxCare division Libgcrypt cryptography module for AlmaLinux 9 Prepared by: atsec information security corporation

4516 Seton Center Pkwy, Suite 250
Page 2

Libgcrypt cryptography module for AlmaLinux 9 Austin, TX 78759 Document version: 1.2 www.atsec.com Last update: 2026-13-04 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 3

Libgcrypt cryptography module for AlmaLinux 9 Table of Contents © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 4

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 5

Libgcrypt cryptography module for AlmaLinux 9 List of Tables List of Figures © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 6
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environment1
77Physical securityN/A
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacks1
Overall LevelOverall Level1

Libgcrypt cryptography module for AlmaLinux 9

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version 1.10.0-9a1db72d64086a2f of the Libgcrypt cryptography module for AlmaLinux 9. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module.

1.2 Security Levels
1.3 Additional Information

This Security Policy describes the features and design of the module named Libgcrypt cryptography module for AlmaLinux 9 using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. including this notice. Other documentation is proprietary to their authors. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 7

Libgcrypt cryptography module for AlmaLinux 9 supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 8

Libgcrypt cryptography module for AlmaLinux 9

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Libgcrypt cryptography module for AlmaLinux 9 (hereafter referred to as “the module”) is a software library implementing general purpose cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying operating system through an application program interface (API). Module Type: Software Module Embodiment: Multi-Chip Standalone Cryptographic Boundary: The module consists of the shared library file (i.e. libgcrypt.so.20.4.0) which constitutes the cryptographic boundary. The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment and the flow of information between the module and operator. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP is the general-purpose computer on which the module is installed. Figure 1: Block Diagram © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 9
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
/usr/lib64/libgcrypt.so.20.4.01.10.0- 9a1db72d64086a2fN/A/usr/lib64/libgcrypt.so.20.4.0HMAC-SHA-256
Almalinux 9.2Almalinux 9.2Amazon Web Services (AWS) m5.metal1.10.0- 9a1db72d64086a2fIntel Xeon Platinum 8259CLYesN/A
Almalinux 9.2Almalinux 9.2Amazon Web Services (AWS) m5.metal1.10.0- 9a1db72d64086a2fIntel Xeon Platinum 8259CLNoN/A
AlmaLinux OS 9.6AlmaLinux OS 9.6GIGABYTE E163- S30-AAG11.10.0- 9a1db72d64086a2fIntel® Xeon® Gold 5512UYesN/A
AlmaLinux OS 9.6AlmaLinux OS 9.6GIGABYTE E163- S30-AAG11.10.0- 9a1db72d64086a2fIntel® Xeon® Gold 5512UNoN/A
Rocky Linux 9.6Rocky Linux 9.6GIGABYTE E163-S30-AAG1 on Intel® Xeon® Gold 5512U
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
/usr/lib64/libgcrypt.so.20.4.01.10.0- 9a1db72d64086a2fN/A/usr/lib64/libgcrypt.so.20.4.0HMAC-SHA-256
Almalinux 9.2Almalinux 9.2Amazon Web Services (AWS) m5.metal1.10.0- 9a1db72d64086a2fIntel Xeon Platinum 8259CLYesN/A
Almalinux 9.2Almalinux 9.2Amazon Web Services (AWS) m5.metal1.10.0- 9a1db72d64086a2fIntel Xeon Platinum 8259CLNoN/A
AlmaLinux OS 9.6AlmaLinux OS 9.6GIGABYTE E163- S30-AAG11.10.0- 9a1db72d64086a2fIntel® Xeon® Gold 5512UYesN/A
AlmaLinux OS 9.6AlmaLinux OS 9.6GIGABYTE E163- S30-AAG11.10.0- 9a1db72d64086a2fIntel® Xeon® Gold 5512UNoN/A
Rocky Linux 9.6Rocky Linux 9.6GIGABYTE E163-S30-AAG1 on Intel® Xeon® Gold 5512U
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
/usr/lib64/libgcrypt.so.20.4.01.10.0- 9a1db72d64086a2fN/A/usr/lib64/libgcrypt.so.20.4.0HMAC-SHA-256
Almalinux 9.2Almalinux 9.2Amazon Web Services (AWS) m5.metal1.10.0- 9a1db72d64086a2fIntel Xeon Platinum 8259CLYesN/A
Almalinux 9.2Almalinux 9.2Amazon Web Services (AWS) m5.metal1.10.0- 9a1db72d64086a2fIntel Xeon Platinum 8259CLNoN/A
AlmaLinux OS 9.6AlmaLinux OS 9.6GIGABYTE E163- S30-AAG11.10.0- 9a1db72d64086a2fIntel® Xeon® Gold 5512UYesN/A
AlmaLinux OS 9.6AlmaLinux OS 9.6GIGABYTE E163- S30-AAG11.10.0- 9a1db72d64086a2fIntel® Xeon® Gold 5512UNoN/A
Rocky Linux 9.6Rocky Linux 9.6GIGABYTE E163-S30-AAG1 on Intel® Xeon® Gold 5512U

Libgcrypt cryptography module for AlmaLinux 9

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

2.3 Excluded Components

The module does not claim any excluded components. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 10
Service
NameDescriptionIndicatorType
Non- approved ModeAutomatically entered whenever a non-approved service is requested.The Non-Approved mode indicator maps to the non-approved service indicator which is non-zero return codeNon- Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA5138Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5139Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5141Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5142Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA5138Key Length - 128, 192, 256 Tag Length - 112, 128, 32, 48, 64, 80, 96 IV Length - IV Length: 56, 64, 72, 80, 88, 96, 104 Payload Length - Payload Length: 0-256 Increment 8 AAD Length - AAD Length: 0-524288 Increment 8, AAD Length: 0, 256, 65536SP 800-38C
AES-CCMA5139Key Length - 128, 192, 256 Tag Length - 112, 128, 32, 48, 64, 80, 96 IV Length - IV Length: 56, 64, 72, 80, 88, 96, 104 Payload Length - Payload Length: 0-256 Increment 8 AAD Length - AAD Length: 0-524288 Increment 8, AAD Length: 0, 256, 65536SP 800-38C
AES-CCMA5141Key Length - 128, 192, 256 Tag Length - 112, 128, 32, 48, 64, 80, 96 IV Length - IV Length: 56, 64, 72, 80, 88, 96, 104 Payload Length - Payload Length: 0-256 Increment 8 AAD Length - AAD Length: 0-524288 Increment 8, AAD Length: 0, 256, 65536SP 800-38C
AES-CCMA5142Key Length - 128, 192, 256 Tag Length - 112, 128, 32, 48, 64, 80, 96 IV Length - IV Length: 56, 64, 72, 80, 88, 96, 104 Payload Length - Payload Length: 0-256 Increment 8 AAD Length - AAD Length: 0-524288 Increment 8, AAD Length: 0, 256, 65536SP 800-38C
AES-CFB128A5138Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5139Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5141Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5142Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5138Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5139Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5141Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5142Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CMACA5138Direction - Generation, Verification Key Length - 128, 192, 256 MAC Length - MAC Length: 128 Message Length - Message Length: 8-524288 Increment 8SP 800-38B
AES-CMACA5139Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5141Direction - Generation, Verification Key Length - 128, 192, 256 MAC Length - MAC Length: 128 Message Length - Message Length: 8-524288 Increment 8SP 800-38B
AES-CMACA5142Direction - Generation, Verification Key Length - 128, 192, 256 MAC Length - MAC Length: 128 Message Length - Message Length: 8-524288 Increment 8SP 800-38B
AES-CTRA5138Direction - Decrypt, Encrypt Key Length - 128, 192, 256 Payload Length - Payload Length: 8-128 Increment 8 Supports Counter larger than maximum value - No Incremental Counter - Yes Counter Tests Performed - YesSP 800-38A
AES-CTRA5139Direction - Decrypt, Encrypt Key Length - 128, 192, 256 Payload Length - Payload Length: 8-128 Increment 8 Supports Counter larger than maximum value - No Incremental Counter - Yes Counter Tests Performed - YesSP 800-38A
AES-CTRA5141Direction - Decrypt, Encrypt Key Length - 128, 192, 256 Payload Length - Payload Length: 8-128 Increment 8 Supports Counter larger than maximum value - No Incremental Counter - Yes Counter Tests Performed - YesSP 800-38A
AES-CTRA5142Direction - Decrypt, Encrypt Key Length - 128, 192, 256 Payload Length - Payload Length: 8-128 Increment 8 Supports Counter larger than maximum value - No Incremental Counter - Yes Counter Tests Performed - YesSP 800-38A
AES-ECBA5138Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5139Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5141Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5142Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-KWA5138Direction - Decrypt, Encrypt Cipher - Cipher Key Length - 128, 192, 256 Payload Length - Payload Length: 128-4096 Increment 128SP 800-38F
AES-KWA5139Direction - Decrypt, Encrypt Cipher - Cipher Key Length - 128, 192, 256 Payload Length - Payload Length: 128-4096 Increment 128SP 800-38F
AES-KWA5141Direction - Decrypt, Encrypt Cipher - Cipher Key Length - 128, 192, 256 Payload Length - Payload Length: 128-4096 Increment 128SP 800-38F
AES-KWA5142Direction - Decrypt, Encrypt Cipher - Cipher Key Length - 128, 192, 256 Payload Length - Payload Length: 128-4096 Increment 128SP 800-38F
AES-OFBA5138Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5139Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5141Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5142Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-XTS Testing Revision 2.0A5138Direction - Decrypt, Encrypt Key Length - 128, 256 Payload Length - Payload Length: 128-65536 Increment 128, Payload Length: 128-65536 Increment 8 Tweak Mode - Hex Data Unit Length Matches Payload Length - YesSP 800-38E
AES-XTS Testing Revision 2.0A5139Direction - Decrypt, Encrypt Key Length - 128, 256 Payload Length - Payload Length: 128-65536 Increment 128, Payload Length: 128-65536 Increment 8 Tweak Mode - Hex Data Unit Length Matches Payload Length - YesSP 800-38E
AES-XTS Testing Revision 2.0A5141Direction - Decrypt, Encrypt Key Length - 128, 256 Payload Length - Payload Length: 128-65536 Increment 128,SP 800-38E
AES-XTS Testing Revision 2.0A5142Direction - Decrypt, Encrypt Key Length - 128, 256 Payload Length - Payload Length: 128-65536 Increment 128, Payload Length: 128-65536 Increment 8 Tweak Mode - Hex Data Unit Length Matches Payload Length - YesSP 800-38E
Counter DRBGA5138Prediction Resistance - No, Yes Supports Reseed - No Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes Additional Input - Additional Input: 0 Entropy Input - Entropy Input: 128, Entropy Input: 192, Entropy Input: 256 Nonce - Nonce: 128, Nonce: 64 Personalization String Length - Personalization String Length: 0 Returned Bits - 1024, 512SP 800-90A Rev. 1
Counter DRBGA5139Prediction Resistance - No, Yes Supports Reseed - No Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes Additional Input - Additional Input: 0 Entropy Input - Entropy Input: 128, Entropy Input: 192, Entropy Input: 256 Nonce - Nonce: 128, Nonce: 64 Personalization String Length - Personalization String Length: 0 Returned Bits - 1024, 512SP 800-90A Rev. 1
Counter DRBGA5141Prediction Resistance - No, Yes Supports Reseed - No Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes Additional Input - Additional Input: 0 Entropy Input - Entropy Input: 128, Entropy Input: 192, Entropy Input: 256 Nonce - Nonce: 128, Nonce: 64 Personalization String Length - Personalization String Length: 0 Returned Bits - 1024, 512SP 800-90A Rev. 1
Counter DRBGA5142Prediction Resistance - No, Yes Supports Reseed - No Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes Additional Input - Additional Input: 0 Entropy Input - Entropy Input: 128, Entropy Input: 192, Entropy Input: 256 Nonce - Nonce: 128, Nonce: 64 Personalization String Length - Personalization String Length: 0 Returned Bits - 1024, 512SP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-5)A5138Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5139Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5140Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5141Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5142Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyVer (FIPS186-5)A5138Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5139Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5140Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5141Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5142Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA SigGen (FIPS186-5)A5138Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - NoFIPS 186-5
ECDSA SigGen (FIPS186-5)A5139Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256,FIPS 186-5
ECDSA SigGen (FIPS186-5)A5140Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - NoFIPS 186-5
ECDSA SigGen (FIPS186-5)A5141Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - NoFIPS 186-5
ECDSA SigGen (FIPS186-5)A5142Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - NoFIPS 186-5
ECDSA SigVer (FIPS186-5)A5138Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5139Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5140Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5141Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5142Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS 186-5
Hash DRBGA5138Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
Hash DRBGA5139Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
Hash DRBGA5140Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
Hash DRBGA5141Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
Hash DRBGA5142Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA5138Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
HMAC DRBGA5139Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
HMAC DRBGA5140Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
HMAC DRBGA5141Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization StringSP 800-90A Rev. 1
HMAC DRBGA5142Prediction Resistance - No, Yes Supports Reseed - No Mode - SHA-1, SHA2-256, SHA2-512 Entropy Input - Entropy Input: 160, Entropy Input: 256 Nonce - Nonce: 160, Nonce: 256 Personalization String Length - Personalization String Length: 0, 160, Personalization String Length: 0, 256 Additional Input - Additional Input: 0, 160, Additional Input: 0, 256 Returned Bits - 320, 512, 768SP 800-90A Rev. 1
HMAC-SHA-1A5137MAC - MAC: 160 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5138MAC - MAC: 160 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5139MAC - MAC: 160 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5140MAC - MAC: 160 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5141MAC - MAC: 160 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5142MAC - MAC: 160 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5138MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5139MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5140MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5141MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5142MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5138MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5139MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5140MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5141MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5142MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5138MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5139MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5140MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5141MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5142MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5138MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5139MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5140MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5141MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5142MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5138MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5139MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5140MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5141MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5142MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5138MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5139MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5140MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5141MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5142MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 224A5140MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 224A5141MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 224A5142MAC - MAC: 224 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 256A5140MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 256A5141MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 256A5142MAC - MAC: 256 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 384A5140MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 384A5141MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 384A5142MAC - MAC: 384 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 512A5140MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 512A5141MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 512A5142MAC - MAC: 512 Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
PBKDFA5138Iteration Count - Iteration Count: 1000-10000000 Increment 1 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5139Iteration Count - Iteration Count: 1000-10000000 Increment 1 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Password Length - Password Length: 8-128 Increment 1 Salt Length - Salt Length: 128-4096 Increment 8 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-132
PBKDFA5140Iteration Count - Iteration Count: 1000-10000000 Increment 1 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Password Length - Password Length: 8-128 Increment 1 Salt Length - Salt Length: 128-4096 Increment 8 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-132
PBKDFA5141Iteration Count - Iteration Count: 1000-10000000 Increment 1 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Password Length - Password Length: 8-128 Increment 1 Salt Length - Salt Length: 128-4096 Increment 8 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-132
PBKDFA5142Iteration Count - Iteration Count: 1000-10000000 Increment 1 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Password Length - Password Length: 8-128 Increment 1 Salt Length - Salt Length: 128-4096 Increment 8 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-132
RSA KeyGen (FIPS186-5)A5138Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 p mod 8 - 0 Primality Tests - 2powSecStr q mod 8 - 0 Info Generated By Server - No Private Key Format - standard Public Exponent Mode - randomFIPS 186-5
RSA KeyGen (FIPS186-5)A5139Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 p mod 8 - 0 Primality Tests - 2powSecStr q mod 8 - 0 Info Generated By Server - No Private Key Format - standard Public Exponent Mode - randomFIPS 186-5
RSA KeyGen (FIPS186-5)A5140Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 p mod 8 - 0 Primality Tests - 2powSecStr q mod 8 - 0 Info Generated By Server - No Private Key Format - standard Public Exponent Mode - randomFIPS 186-5
RSA KeyGen (FIPS186-5)A5141Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 p mod 8 - 0 Primality Tests - 2powSecStr q mod 8 - 0 Info Generated By Server - No Private Key Format - standard Public Exponent Mode - randomFIPS 186-5
RSA KeyGen (FIPS186-5)A5142Key Generation Mode - probable Modulo - 2048, 3072, 4096, 8192 p mod 8 - 0 Primality Tests - 2powSecStr q mod 8 - 0 Info Generated By Server - No Private Key Format - standard Public Exponent Mode - randomFIPS 186-5
RSA SigGen (FIPS186-5)A5138Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigGen (FIPS186-5)A5139Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigGen (FIPS186-5)A5140Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigGen (FIPS186-5)A5141Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigGen (FIPS186-5)A5142Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigVer (FIPS186-2)A5138Public Exponent Mode - Fixed Fixed Public Exponent - 010001 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28FIPS 186-4
RSA SigVer (FIPS186-2)A5139Public Exponent Mode - Fixed Fixed Public Exponent - 010001 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28FIPS 186-4
RSA SigVer (FIPS186-2)A5140Public Exponent Mode - Fixed Fixed Public Exponent - 010001 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28FIPS 186-4
RSA SigVer (FIPS186-2)A5141Public Exponent Mode - Fixed Fixed Public Exponent - 010001 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 Hash Pair -FIPS 186-4
RSA SigVer (FIPS186-2)A5142Public Exponent Mode - Fixed Fixed Public Exponent - 010001 Signature Type - PKCS 1.5, PKCSPSS Modulo - 1536 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28FIPS 186-4
RSA SigVer (FIPS186-4)A5138Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28 Public Exponent Mode - Fixed Fixed Public Exponent - 010001FIPS 186-4
RSA SigVer (FIPS186-4)A5139Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28 Public Exponent Mode - Fixed Fixed Public Exponent - 010001FIPS 186-4
RSA SigVer (FIPS186-4)A5140Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28 Public Exponent Mode - Fixed Fixed Public Exponent - 010001FIPS 186-4
RSA SigVer (FIPS186-4)A5141Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28 Public Exponent Mode - Fixed Fixed Public Exponent - 010001FIPS 186-4
RSA SigVer (FIPS186-4)A5142Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 Hash Pair - Hash Algorithm - SHA2-224 Salt Length - 28FIPS 186-4
RSA SigVer (FIPS186-5)A5138Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss Fixed Public Exponent - 010001 Public Exponent Mode - fixedFIPS 186-5
RSA SigVer (FIPS186-5)A5139Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss Fixed Public Exponent - 010001 Public Exponent Mode - fixedFIPS 186-5
RSA SigVer (FIPS186-5)A5140Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss Fixed Public Exponent - 010001 Public Exponent Mode - fixedFIPS 186-5
RSA SigVer (FIPS186-5)A5141Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss Fixed Public Exponent - 010001 Public Exponent Mode - fixedFIPS 186-5
RSA SigVer (FIPS186-5)A5142Hash Pair - Hash Algorithm - SHA2-512/256 Mask Function - mgf1 Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss Fixed Public Exponent - 010001 Public Exponent Mode - fixedFIPS 186-5
SHA-1A5137Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5138Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5139Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA3-224A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-224A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-224A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A5140Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A5141Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A5142Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHAKE-128A5140Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-128A5141Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-128A5142Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-256A5140Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-256A5141Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-256A5142Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length: 16-65536 Increment 8FIPS 202

Libgcrypt cryptography module for AlmaLinux 9

2.4 Modes of Operation

Modes List and Description: Table 5: Modes List and Description NonApproved Mode Change Instructions and Status: When the module starts up successfully, after passing all the pre-operational self-test and the cryptographic algorithms self-tests (CASTs), the module is operating in the approved mode of operation by default and can only be transitioned into the non-approved mode by calling one of the non-approved services listed in the NonApproved Services table. The module will transition back to approved mode when approved service is called. Section 4 provides details on the service indicator implemented by the module. The service indicator identifies The module does not implement a degraded mode of operation.

2.5 Algorithms

Approved Algorithms: © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 11

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 12

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 13

Libgcrypt cryptography module for AlmaLinux 9 2.0 2.0 2.0 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 14

Libgcrypt cryptography module for AlmaLinux 9 2.0 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 15

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 16

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 17

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 18

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 19

Libgcrypt cryptography module for AlmaLinux 9 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 20

Libgcrypt cryptography module for AlmaLinux 9 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 21

Libgcrypt cryptography module for AlmaLinux 9 HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3512 HMAC-SHA3512 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 22

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 23

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 24

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 25

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 26

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 27

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 28

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 29

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 30
Service
NameDescriptionApproved FunctionsTypeProperties
Cryptographic Key Generation (CKG)Key type:AsymmetricN/ASP 800-133r2, section 4, example 1
MD5Message Digest
ECDHShared Secret Computation
AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAXSymmetric encryption; Symmetric decryption
RSASignature generation/verification primitives; Encryption/decryption primitives
RSA using public key flags not listed in section 4.6Key generation; Signature generation/verification
ECDSASignature generation/verification primitives
ECDSA using public key flags not listed in section 4.6Key generation; Signature generation/verification
Symmetric encryption and decryptionEncryption, decryption using AESAES-ECB: (A5138, A5139, A5141, A5142) AES-CBC: (A5138, A5139, A5141,BC-UnAuthKeys:128, 192, 256 bits with 128-256 of key strength
Service
NameDescriptionApproved FunctionsTypeProperties
Cryptographic Key Generation (CKG)Key type:AsymmetricN/ASP 800-133r2, section 4, example 1
MD5Message Digest
ECDHShared Secret Computation
AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAXSymmetric encryption; Symmetric decryption
RSASignature generation/verification primitives; Encryption/decryption primitives
RSA using public key flags not listed in section 4.6Key generation; Signature generation/verification
ECDSASignature generation/verification primitives
ECDSA using public key flags not listed in section 4.6Key generation; Signature generation/verification
Symmetric encryption and decryptionEncryption, decryption using AESAES-ECB: (A5138, A5139, A5141, A5142) AES-CBC: (A5138, A5139, A5141,BC-UnAuthKeys:128, 192, 256 bits with 128-256 of key strength
Service
NameDescriptionApproved FunctionsTypeProperties
Cryptographic Key Generation (CKG)Key type:AsymmetricN/ASP 800-133r2, section 4, example 1
MD5Message Digest
ECDHShared Secret Computation
AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAXSymmetric encryption; Symmetric decryption
RSASignature generation/verification primitives; Encryption/decryption primitives
RSA using public key flags not listed in section 4.6Key generation; Signature generation/verification
ECDSASignature generation/verification primitives
ECDSA using public key flags not listed in section 4.6Key generation; Signature generation/verification
Symmetric encryption and decryptionEncryption, decryption using AESAES-ECB: (A5138, A5139, A5141, A5142) AES-CBC: (A5138, A5139, A5141,BC-UnAuthKeys:128, 192, 256 bits with 128-256 of key strength
MAC generation and verificationMessage authentication generation using AES CMACAES-CMAC: (A5138, A5139, A5141, A5142)MACKeys:128, 192, 256 bits with 128, 192, 256 bits of strength
Authenticated symmetric encryption and decryption with AES CCMEncryption, decryption using AES CCMAES-CCM: (A5138, A5139, A5141, A5142)BC-AuthKeys:128, 192, 256 bits with 128, 192, 256 bits of strength
Symmetric encryption and decryption with AES XTS (for data storage)Encryption, decryption using AES XTS (for data storage)AES-XTS Testing Revision 2.0: (A5138, A5139, A5141, A5142)BC-UnAuthKeys:128, 256 bits with 128, 256 bits of strength
Random number generationRandom number generation using CTR_DRBG, Hash_DRBG, HMAC_DRBGCounter DRBG: (A5138, A5139, A5141, A5142) Hash DRBG: (A5138, A5139, A5140, A5141, A5142) HMAC DRBG: (A5138, A5139, A5140, A5141, A5142)DRBGCTR_DRBG:AES-128, AES-192, AES-256 with DF, with/without PR Hash_DRBG:SHA-1, SHA-256, SHA-512 with/without PR HMAC_DRBG:SHA-1, SHA-256, SHA-512 with/without PR
Key pair generation with ECDSAKey pair generation using ECDSAECDSA KeyGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Cryptographic KeyCKGCurves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Method:B.4.2 Testing Candidates
Public key verification with ECDSAPublic key verification using ECDSAECDSA KeyVer (FIPS186-5): (A5138, A5139, A5140, A5141, A5142)AsymKeyPair- KeyVerCurves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength
Digital signature generation with ECDSADigital signature generation using ECDSAECDSA SigGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142)DigSig-SigGenCurves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Hash:SHA2-224, SHA2- 256, SHA2- 384, SHA2-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512
Digital signature verification with ECDSADigital signature verification using ECDSAECDSA SigVer (FIPS186-5): (A5138, A5139, A5140, A5141, A5142)DigSig-SigVerCurves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Hash:SHA2-224, SHA2- 256, SHA2- 384, SHA2-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512
Message authentication code with HMACMessage authentication code using HMACHMAC-SHA-1: (A5137, A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 224: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2- 256: (A5138, A5139, A5140, A5141, A5142) HMAC-SHA2-MACKeys:112, 192, 256 bits with 112-256 bits of strength Hash:SHA-1, SHA- 224, SHA-256, SHA- 384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3-224, SHA3- 256, SHA3- 384, SHA3-512
Key derivation with PBKDFKey derivation using PBKDFPBKDF: (A5138, A5139, A5140, A5141, A5142)PBKDFDerived key::112 to 256 bits HMAC:SHA-1, SHA- 224, SHA-256, SHA- 384, SHA-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512
Key wrapping with AESKey wrapping with AESAES-KW: (A5138, A5139, A5141, A5142) AES-CCM: (A5138, A5139, A5141, A5142)KTS-WrapKeys:128, 192, 256 bits with 128-256 bits of strength Compliance:Compliant with IG D.G AES Mode:KW, CCM
Key unwrapping with AESKey unwrapping with AESAES-KW: (A5138, A5139, A5141,KTS-WrapKeys:128, 192, 256 bits with 128-256 bits of

Libgcrypt cryptography module for AlmaLinux 9 Table 6: Approved Algorithms The above table lists all approved cryptographic algorithms of the module, including specific key lengths employed for approved services, and implemented modes or methods of operation of the algorithms. Vendor-Affirmed Algorithms: Table 7: Vendor-Affirmed Algorithms N/A Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: Table 8: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services.

2.6 Security Function Implementations

© 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 31

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 32

Libgcrypt cryptography module for AlmaLinux 9 AsymKeyPairKeyVer () © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 33

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 34
Service
NameDescriptionRole AccessApproved FunctionsType
Key pair generation with RSAKey pair generation using RSAKeys:2048, 3072, 4096 with 112, 128, 149 bits of strength Method:B.3.3 Random Probable PrimesRSA KeyGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142) Cryptographic Key Generation (CKG): () Key type: AsymmetricCKG
Digital signature generation with RSADigital signature generation using RSAPadding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3-512 Keys:2048, 3072, 4096 with 112, 128, 149 bits of strengthRSA SigGen (FIPS186-5): (A5138, A5139, A5140, A5141, A5142)DigSig-SigGen
Digital signature verification with RSADigital signature verification using RSAPadding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3-512 Keys:2048, 3072, 4096 with 112, 128, 149 bits of strengthRSA SigVer (FIPS186-5): (A5138, A5139, A5140, A5141, A5142)DigSig-SigVer
FIPS 186-4 Digital signature verification with RSAFIPS 186-4 Digital signature verification using RSAPadding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256 Keys:1024 with 80 bits of strengthRSA SigVer (FIPS186-4): (A5138, A5139, A5140, A5141, A5142)DigSig-SigVer
FIPS 186-2 Digital signature verification with RSAFIPS 186-2 Digital signature verification using RSAPadding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512 Keys:1536 with 92 bits of strength Compliance:FIPS 186- 2RSA SigVer (FIPS186-2): (A5138, A5139, A5140, A5141, A5142)DigSig-SigVer
Message digest with SHA-3Message digest with SHA-3SHA3-224: (A5140, A5141, A5142) SHA3-256: (A5140, A5141, A5142) SHA3-384: (A5140, A5141, A5142) SHA3-512: (A5140, A5141, A5142) SHAKE-128: (A5140, A5141, A5142) SHAKE-256: (A5140, A5141, A5142)SHA
Message digest with SHA-1Message digest using SHA-1SHA-1: (A5137, A5138, A5139, A5140, A5141, A5142)SHA
Message digest with SHA-2Message digest using SHA-2SHA2-224: (A5138, A5139, A5140, A5141, A5142) SHA2-256: (A5138, A5139, A5140, A5141, A5142) SHA2-384: (A5138, A5139, A5140, A5141,SHA

Libgcrypt cryptography module for AlmaLinux 9 () © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 35

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 36

Libgcrypt cryptography module for AlmaLinux 9 Table 9: Security Function Implementations

2.7 Algorithm Specific Information

AES XTS The AES algorithm in XTS mode can be only used for the cryptographic protection of data on storage devices, as specified in [SP800-38E]. The length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. The AES-XTS mode shall only be used for the cryptographic protection of data on storage devices. The AESXTS shall not be used for other purposes, such as the encryption of data in transit. Key derivation using SP800-132 PBKDF The module provides password-based key derivation (PBKDF), compliant with SP800-132. The module supports option 1a from Section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132] and FIPS 140-3 IG D.N, the following requirements shall be met.

Page 37
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Userspace CPU Time Jitter RNG Entropy Source version 3.4.0Non- Physical256 bitsAlmaLinux 9.2 on Amazon Web Services (AWS) m5.metal on Intel Xeon Platinum 8259CL; AlmaLinux OS 9.6 on GIGABYTE E163- S30-AAG1 on Intel® Xeon® Gold 5512UFull entropyAlmaLinux 9.2: SHA3- 256 (A4026), HMAC- SHA2-512-DRBG (A4025); AlmaLinux OS 9.6: SHA3-256 (A7065), HMAC DRBG (A7090)
CertVendor Name
Number
E127Cloudlinux Inc., TuxCare division

Libgcrypt cryptography module for AlmaLinux 9 10-8. Combined with the minimum iteration count as described below, this provides an acceptable trade-off between user experience and security against brute-force attacks. The calling application shall also observe the rest of the requirements and recommendations specified in [SP800-132]. SHA-1 Use SHA-1 is only approved when used in approved modes for message digest, HMAC, KDF (PBKDF), and DRBG. The use of SHA-1 for digital signature generation (e.g., ECDSA, RSA) or verification is non-approved.

2.8 RBG and Entropy

Table 10: Entropy Certificates 3.4.0 NonPhysical Table 11: Entropy Sources The Module provides an SP800-90A-compliant Deterministic Random Bit Generator (DRBG) for creation of key components of asymmetric keys, and random number generation. The seeding (and automatic reseeding) of the DRBG is done with getrandom(). The DRBG supports the Hash_DRBG, HMAC_DRBG and CTR_DRBG mechanisms. The DRBG is initialized during module initialization; the module loads by default the DRBG using the HMAC_DRBG mechanism with SHA-256 and without prediction resistance. A different DRBG mechanism can be chosen by invoking the gcry_control(GCRYCTL_DRBG_REINIT) function. The module uses an [SP800-90B]-compliant entropy source specified in the above table. This entropy source is located within the module’s physical perimeter but outside of the module’s cryptographic boundary. The module obtains 384 bits to seed the DRBG, and 256 bits to reseed it. The module performs the DRBG health tests as defined in Section 11.3 of [SP800-90A].

2.9 Key Generation

The module provides the following key generation methods:

Page 38

Libgcrypt cryptography module for AlmaLinux 9

2.10 Key Establishment

The module provides the following key establishment methods:

2.11 Industry Protocols

The module does not implement industry protocols, therefore this section is not applicable. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 39
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData InputAPI input parameters for data.
N/AN/AData OutputAPI output parameters for data.
N/AN/AControl InputAPI function calls, API input parameters for control input, /proc/sys/crypto/fips_enabled control file.
N/AN/AStatus OutputAPI return codes, API output parameters for status output.

Libgcrypt cryptography module for AlmaLinux 9

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A N/A N/A Table 12: Ports and Interfaces N/A As a software-only module, the module does not have physical ports. The operator can only interact with the module through the API provided by the module. Thus, the physical ports are interpreted to be the physical ports of the hardware platform on which the module runs. All data output via data output interface is inhibited when the module is performing pre-operational test or zeroization or when the module enters error state. The module does not implement a control output interface. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 40
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Symmetric encryption and decryptionPerform AES encryption and decryptionCryp to Offic er - AES keys: W,ESymm etric encryp tion and decryp tion Authe nticate d symme tric encryp tion and decryp tion with AES CCM Symm etric encryp tion andgcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_CIPHER, ...) returns GPG_ERR_NO_ERRORAES key, IV, plaintext/ ciphertex tCiphertex t/plaintex t
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Symmetric encryption and decryptionPerform AES encryption and decryptionCryp to Offic er - AES keys: W,ESymm etric encryp tion and decryp tion Authe nticate d symme tric encryp tion and decryp tion with AES CCM Symm etric encryp tion andgcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_CIPHER, ...) returns GPG_ERR_NO_ERRORAES key, IV, plaintext/ ciphertex tCiphertex t/plaintex t

Libgcrypt cryptography module for AlmaLinux 9

4 Roles, Services, and Authentication

The module does not support authentication.

4.2 Roles

Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module.

4.3 Approved Services

t y t d W,E © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 41
Sensitive security parameter
NameDescriptionStorageInputOutputAccessIndicator
Key Pair Generation with RSAGenerate a key pairKey pair genera tion with RSAModulus bitsRSA public key, RSA private keyCryp to Offic er - RSA Priva te Key: G,E - RSA Publi c Key: G,Egcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) returns GPG_ERR_NO_ERROR
Key Pair Generation with ECDSAGenerate a key pairKey pair genera tion with ECDS ACurveECDSA public key, ECDSA private keyCryp to Offic er - ECD SA Priva te Key: G,E - ECD SA Publi cgcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) returns GPG_ERR_NO_ERROR

Libgcrypt cryptography module for AlmaLinux 9 y ) G,E c G,E A G,E c © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 42
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutputSecurit y Functi ons
Digital signature generation with RSAGenerate a signatureCryp to Offic er - RSA Priva te Key: W,EDigital signatu re genera tion with RSAgcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERRORRSA private key, messageSignature
Digital signature generation with ECDSAGenerate a signatureCryp to Offic er - ECD SA Priva te Key: W,EDigital signatu re genera tion with ECDS Agcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERRORECDSA private key, messageSignature
Digital signature verification with RSAVerify a signatureCryp to Offic er - RSA Publi c Key: W,EDigital signatu re verific ation with RSA FIPS 186-4 Digital signatu re verific ation with RSA FIPS 186-2gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERRORRSA public key, message, signaturePass/fail
Digital signature verification with ECDSAVerify a signatureCryp to Offic er - ECD SA Publi c Key: W,EDigital signatu re verific ation with ECDS Agcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_PK_FLA GS, ...) or gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) return GPG_ERR_NO_ERRORECDSA public key, message, signaturePass/fail
Public key verificationVerify ECDSA public keyCryp to Offic er - ECD SA Publi c Key: W,EPublic key verific ation with ECDS Agcry_mpi_ec_curve_point() returns GPG_ERR_NO_ERRORECDSA public keyPass/fail
Random Number Generation with CTR_DRBG/ HMAC_DRB GGenerate random bitstrings from CTR_DRBG/ HMAC_DRB GCryp to Offic er - Entr opy Inpu t: W,E - DRBRando m numbe r genera tiongcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure() return GPG_ERR_NO_ERROROutput lengthRandom bytes
Random Number Generation with Hash_DRBGGenerate random bitstrings from Hash_DRBGCryp to Offic er - Entr opy Inpu t: W,E - DRB G seed: G,E - DRB G inter nal state (V value , C value ):Rando m numbe r genera tiongcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure() return GPG_ERR_NO_ERROROutput lengthRandom bytes
Message digestCompute SHA hashesCryp to Offic erMessag e digest with SHA-3 Messag e digest with SHA-1 Messag e digest with SHA-2gcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MD, ...) returns GPG_ERR_NO_ERRORMessageDigest value
Message authenticatio n code (MAC) with HMACCompute HMACCryp to Offic er - HM AC keys: W,EMessag e authen ticatio n code with HMA Cgcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MAC, .. .) returns GPG_ERR_NO_ERRORHMAC keyMAC tag
Message authenticatio n code (MAC) with CMACCompute AES-based CMACCryp to Offic er - AES keys: W,EMAC genera tion and verific ationgcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_MAC, .. .) returns GPG_ERR_NO_ERRORAES keyMAC tag
Key wrapping and unwrappingPerform AES-based key wrapping/un wrappingCryp to Offic er - AESKey wrappi ng with AES Key unwragcry_control(GCRYCTL_FIPS_S ERVICE_INDICATOR_CIPHER, ...) returns GPG_ERR_NO_ERRORAES key, any CSP/wra pped CSPWrapped CSP/Unw rapped CSP
pping with AESkeys: W,Epping with AES
Key derivationPerform key derivationCryp to Offic er - Pass word or passp hrase : W,E - Deri ved key: GKey derivat ion with PBKD Fgcry_control(GCRYCTL_FIPS_ SERVICE_INDICATOR_KDF, ... ) returns GPG_ERR_NO_ERRORPassword , salt, iteration countDerived key
On-demand Integrity testPerform on- demand integrity testCryp to Offic erMessag e authen ticatio n code with HMA CN/AN/APass/fail
Show statusShow module statusCryp to Offic erNoneN/AN/AModule status
Self-testsPerform self- testsCryp to Offic erNoneN/AN/APass/fail
Show module name and versionShow module name and versionCryp to Offic erNoneN/AN/AModule name and version informati on
Symmetric encryption/decryptionAES encryption/decryption using non- approved AES modesAES-GCM, AES-GCM- SIV, AES-OCB, AES- EAXCO
Message digestNon-approved message digestMD5CO
Shared Secret ComputationECDH Shared Secret ComputationECDHCO
Key generation with RSAGenerate RSA key pairs using public key flags not listed in section 4.6.RSA using public key flags not listed in section 4.6CO
Key generation with ECDSAGenerate ECDSA key pairs using public key flags not listed in section 4.6.ECDSA using public key flags not listed in section 4.6CO
Digital signature generation/verification with RSAGenerate/verify a signature using RSA Signature generation/verification primitivesRSACO
Digital signature generation/verification with ECDSAGenerate/verify a signature using ECDSA Signature generation/verification primitivesECDSACO
Asymmetric encryption/decryptionPerform encryption/decryption using RSA encryption/decryption primitivesRSACO

Libgcrypt cryptography module for AlmaLinux 9 y G,E W,E A W,E c W,E © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 43

Libgcrypt cryptography module for AlmaLinux 9 G G y A c W,E A c W,E m r t: W,E © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 44

Libgcrypt cryptography module for AlmaLinux 9 y G G,E G (V , G,W, E m r t: W,E G G,E G (V ,C ): © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 45

Libgcrypt cryptography module for AlmaLinux 9 y G,W, E e e e e C W,E W,E © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 46

Libgcrypt cryptography module for AlmaLinux 9 Perform ondemand Perform selftests N/A N/A N/A N/A y W,E F : W,E G N/A e C N/A N/A N/A © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 47

Libgcrypt cryptography module for AlmaLinux 9 N/A N/A y Table 14: Approved Services The table above lists the approved services. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or CSPs involved, and their access type(s). The following convention is used to specify access rights to a CSP: • G = Generate: The module generates or derives the SSP. • R = Read: The SSP is read from the module (e.g., the SSP is output). • W = Write: The SSP is updated, imported, or written to the module. • E = Execute: The module uses the SSP in performing a cryptographic operation. • Z = Zeroise: The module zeroises the SSP. • N/A: the calling application does not access any CSP or key during its operation. The details of the approved cryptographic algorithms including the CAVP certificate numbers can be found in the Approved Algorithm table. In order to check whether it utilizes an approved security function or not, the operator is responsible to invoke the gcry_control() API along with dedicated controls in the form of API input parameters. The module implements the following controls depending on the requested service:

  1. GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER - For symmetric algorithms and the related modes.
  2. GCRYCTL_FIPS_SERVICE_INDICATOR_KDF - For KDF operations.
  3. GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS - For asymmetric operations. 1
  4. GCRYCTL_FIPS_SERVICE_INDICATOR_MD - For digest operations.
  5. GCRYCTL_FIPS_SERVICE_INDICATOR_MAC - For MAC operations. In addition to that, for the below-mentioned services, the approved service indicator corresponds to the GPG_ERR_NO_ERROR returned from listed functions in the indicator column below. They don’t use gcry_control() API:
  6. Random number generation service: gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure().
  7. Public key validation service: gcry_mpi_ec_curve_point().

1 The list of public key flags allowed in approved mode of operation is described in Section 4.6 Additional Information.

© 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 48

Libgcrypt cryptography module for AlmaLinux 9 For all approved services, GPG_ERR_NO_ERROR (i.e., “0”) return code indicates the service is approved. In case the above-mentioned controls are used in conjunction, the operator is responsible to check that all of the called functions return GPG_ERR_NO_ERROR (i.e., “0”). For all non-approved services, "non-zero" return code indicates the service is not approved. Table 15: Non-Approved Services The table above lists the non-approved services. For the services listed below, the module implements an additional service indicator in the form of a control named GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. The operator is responsible to invoke the gcry_control() API along with the following input parameters: GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION control; the name of the API 2 representing the service.

4.5 External Software/Firmware Loaded

The module does not have the capability of loading software or firmware from an external source.

4.6 Additional Information

Below are listed the approved public key flags for an input s-expression:

2 The list of APIs supported by the module can be found in the documentation included in the optional libgcrypt-devel package.

© 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 49
curveddataeecdsaflagssig-val
genkeyhashnnbitspkcs1private-keyvalue
psspublic-keyqrrawrsasalt-length
rsa-use-es

Libgcrypt cryptography module for AlmaLinux 9 d e n q r s © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 50

Libgcrypt cryptography module for AlmaLinux 9

5 Software/Firmware Security
5.1 Integrity Techniques

The integrity of the module is verified comparing the HMAC-SHA-256 value calculated at run time with the HMAC-SHA-256 value embedded in the module’s ELF header that was computed at build time for each software component of the module. If the HMAC values do not match, the test fails and the module enters the error state.

5.2 Initiate on Demand

Integrity tests are performed as part of the Pre-Operational Self-Tests. The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational tests (i.e., integrity test) and cryptographic algorithm self-tests (CASTs). This service can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output or input is possible. In order to verify whether the self-tests have succeeded and the module is in the Operational state, the calling application may invoke the gcry_control(GCRYCTL_OPERATIONAL_P). The function will return TRUE if the module is in the operational state, FALSE if the module is in the Error state. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 51

Libgcrypt cryptography module for AlmaLinux 9

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable How Requirements are Satisfied: The module should be compiled and installed as stated in section 11. The user should confirm that the module is installed correctly by running: 1. 2. fips-mode-setup --check command to verify that the system is operating in Approved mode check the output of the gcry_get_config() API, which should output Libgcrypt cryptography module for AlmaLinux 9 1.10.0-9a1db72d64086a2f The module does not support concurrent operators.

6.2 Configuration Settings and Restrictions

Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment.

6.3 Additional Information

The module shall be installed as stated in Section 11. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 52

Libgcrypt cryptography module for AlmaLinux 9

7 Physical Security

The module is comprised of software only and therefore this section is not applicable. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 53

Libgcrypt cryptography module for AlmaLinux 9

8 Non-Invasive Security

This module does not implement any non-invasive security mechanism, and therefore this Section is not applicable. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 54
Sensitive security parameter
NameTypeDescription
RAMDynamicTemporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs
Service
NameTypeFromTo
API input parameters (plaintext)PlaintextCalling application within TOEPPCryptographic moduleManualElectronic
API output parameters (plaintext)PlaintextCryptographic moduleCalling application within TOEPPManualElectronic
ZeroizationDescriptionRationaleOperator Initiation
Method
Wipe and Free memory block allocatedZeroizes the SSPs contained within the cipher handle.Memory occupied by SSPs is overwritten with zeroes and then it is released, which renders the SSP values irretrievable. The completion of the zeroization routine indicates that the zeroization procedure succeeded.By calling the cipher related zeroization API which are the following: gcry_free(), gcry_cipher_close(), gcry_mac_close(), gcry_sexp_release(), gcry_mpi_release(), gcry_ctx_release(), gcry_mpi_point_release(), gcry_ctrl(GCRYCTL_TE RM_SECMEM)

Libgcrypt cryptography module for AlmaLinux 9

9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 16: Storage Areas appropriate zeroization function calls. Table 17: SSP Input-Output Methods form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry on the Key Establishment Table. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 55
Sensitive security parameter
NameTypeDescriptionStrengthUse
AES keysSymmetric key - CSPAES key used for encryption, decryption, and computing MAC tagsAES-XTS: 128, 256; Other modes: 128, 192, 256 - AES-XTS: 128, 256; Other modes: 128, 192, 256Symmetric encryption and decryption MAC generation and verification Authenticated symmetric encryption and decryption with AES CCM Symmetric encryption and decryption with AES XTS (for data storage)
HMAC keysSymmetric key - CSPHMAC key used for112-256 bits - 112-256 bitsMessage authentication
ZeroizationDescriptionRationaleOperator Initiation
Method
AutomaticAutomatically zeroized by the module when no longer neededMemory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable.N/A
Module ResetDe-allocates the volatile memory used to store SSPsVolatile memory used by the module is overwritten within nanoseconds when power is removed.By unloading and reloading the module

Libgcrypt cryptography module for AlmaLinux 9 N/A Table 18: SSP Zeroization Methods The memory occupied by SSPs is allocated by regular memory allocation operating system calls. The application that is acting as the CO is responsible for calling the appropriate zeroization functions provided in the module's API and listed in the above table. Calling gcry_free(), which will zeroize the SSPs and also invoke the corresponding API functions listed in the above table to zeroize SSPs. The zeroization functions overwrite the operating system call. In case of abnormal termination, or swap in/out of a physical memory page of a process, the keys in physical memory are overwritten by the Linux kernel before the physical memory is allocated to another process. The completion of a zeroization routine(s) will indicate that a zeroization procedure succeeded. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 56
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputRelated SSPs
RSA Private KeyPrivate key - CSPPrivate key used for RSA signature generation2048, 3072, 4096 bits - 112, 128, 149 bitsKey pair generation with RSADigital signature generation with RSA
RSA Public KeyPublic key - PSPPublic key used for RSA signature verificationFIPS 186-5: 2048, 3072, 4096 bits bits; FIPS 186-4: 1024 bits; FIPS 186-2: 1536 bits - FIPS 186-5: 112, 128, 149 bits; FIPS 186-4: 80 bits; FIPS 186-2: 96 bitsKey pair generation with RSADigital signature verification with RSA FIPS 186-4 Digital signature verification with RSA FIPS 186-2 Digital signature verification with RSA
ECDSA Private KeyPrivate key - CSPPrivate key used for ECDSA signature generationP-224, P-256, P- 384, P-521 - 112, 128, 192, 256 bitsKey pair generation with ECDSAPublic key verification with ECDSA Digital signature generation with ECDSA
ECDSA Public KeyPublic key - PSPPublic key used for ECDSA signature verificationP-224, P-256, P- 384, P-521 - 112, 128, 192, 256 bitsKey pair generation with ECDSADigital signature verification with ECDSA
Password or passphrasePassword - CSPPassword used to derive symmetric keysMinimum of 8 character - N/AKey derivation with PBKDF
Derived keySymmetric key - CSPSymmetric key derived from a key derivation key, shared secret, or password112-4096 bits - 112-256 bitsKey derivation with PBKDF
Entropy InputEntropy input - CSPEntropy input used to seed the DRBG128-384 bits - 128-384 bitsRandom number generation
DRBG internal state (V value, C value)Internal state - CSPInternal state of the Hash_DRBG880, 1776 bits - 128, 256 bitsRandom number generationRandom number generation
DRBG internal state (V value, Key)Internal state - CSPInternal state of the CTR_DRBG and HMAC_DRBGCTR_DRBG: 256, 320, 384 bits; HMAC_DRBG: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bitsRandom number generationRandom number generation
DRBG seedSeed - CSPDRBG seed derived from entropy input as defined in SP 800-90Ar1CTR_DRBG: 256, 320, 384 bits; HMAC_DBRG: 440, 888 bits; Hash_DRBG: 440, 888 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits; Hash_DRBG: 128, 256 bitsRandom number generationRandom number generation
AES keysRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext)From service invocation to service completion
HMAC keysRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext)From service invocation to service completion
RSA Private KeyRAM:PlaintextWipe and Free memory blockAPI input parametersFrom service invocation toRSA Public Key:Paired With

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 57
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputRelated SSPs
Entropy InputEntropy input - CSPEntropy input used to seed the DRBG128-384 bits - 128-384 bitsRandom number generation
DRBG internal state (V value, C value)Internal state - CSPInternal state of the Hash_DRBG880, 1776 bits - 128, 256 bitsRandom number generationRandom number generation
DRBG internal state (V value, Key)Internal state - CSPInternal state of the CTR_DRBG and HMAC_DRBGCTR_DRBG: 256, 320, 384 bits; HMAC_DRBG: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bitsRandom number generationRandom number generation
DRBG seedSeed - CSPDRBG seed derived from entropy input as defined in SP 800-90Ar1CTR_DRBG: 256, 320, 384 bits; HMAC_DBRG: 440, 888 bits; Hash_DRBG: 440, 888 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits; Hash_DRBG: 128, 256 bitsRandom number generationRandom number generation
AES keysRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext)From service invocation to service completion
HMAC keysRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext)From service invocation to service completion
RSA Private KeyRAM:PlaintextWipe and Free memory blockAPI input parametersFrom service invocation toRSA Public Key:Paired With

Libgcrypt cryptography module for AlmaLinux 9 Table 19: SSP Table 1 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 58
Sensitive security parameter
NameGenerationStorageZeroizationOutputService completion
RSA Public KeyRSA Private Key:Paired With DRBG internal state (V value, C value):Generated fromRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext) API output parameters (plaintext)From service invocation to service completion
ECDSA Private KeyECDSA Public Key:Paired With DRBG internal state (V value, C value):Generated fromRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext) API output parameters (plaintext)From service invocation to service completion
ECDSA Public KeyECDSA Private Key:Paired With DRBG internal state (V value, C value):Generated fromRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext) API output parameters (plaintext)From service invocation to service completion
Password or passphraseDerived key:Derivation ofRAM:PlaintextWipe and Free memory block allocated Module ResetAPI input parameters (plaintext)From service invocation to service completion
Derived keyPassword or passphrase:Derived FromRAM:PlaintextWipe and Free memory block allocated Module ResetAPI output parameters (plaintext)From service invocation to service completion
Entropy InputDRBG seed:Derivation ofRAM:PlaintextAutomaticFrom service invocation to service completion
DRBG internal state (V value, C value)DRBG seed:Generated fromRAM:PlaintextAutomaticFrom service invocation to service completion
DRBG internal state (V value, Key)DRBG seed:Generated fromRAM:PlaintextAutomaticFrom service invocation to service completion

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 59
Sensitive security parameter
NameStorageZeroizationRelated SSPs
DRBG seedRAM:PlaintextAutomaticFrom service invocation to service completionEntropy Input:Derived From DRBG internal state (V value, C value):Generation of DRBG internal state (V value, Key):Generation of

Libgcrypt cryptography module for AlmaLinux 9 Table 20: SSP Table 2 The tables above summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module.

9.5 Transitions

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 60
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorTest PropertiesConditions
HMAC- SHA2-256 (A5138)HMAC- SHA2-256 (A5138)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5139)HMAC- SHA2-256 (A5139)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5140)HMAC- SHA2-256 (A5140)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5141)HMAC- SHA2-256 (A5141)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5142)HMAC- SHA2-256 (A5142)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
SHA-1 (A5137)SHA-1 (A5137)KATCASTMessage digestModule is operationalN/APower up
SHA-1 (A5138)SHA-1 (A5138)KATCASTMessage digestModule is operationalN/APower up
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorTest PropertiesConditions
HMAC- SHA2-256 (A5138)HMAC- SHA2-256 (A5138)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5139)HMAC- SHA2-256 (A5139)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5140)HMAC- SHA2-256 (A5140)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5141)HMAC- SHA2-256 (A5141)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5142)HMAC- SHA2-256 (A5142)Message authenticationSW/FW IntegrityIntegrity test for /usr/lib64/libgcrypt.so.20.4.0256-bit keyModule becomes operational and services are available for use
SHA-1 (A5137)SHA-1 (A5137)KATCASTMessage digestModule is operationalN/APower up
SHA-1 (A5138)SHA-1 (A5138)KATCASTMessage digestModule is operationalN/APower up
SHA-1 (A5139)SHA-1 (A5139)KATCASTMessage digestModule is operationalN/APower up
SHA-1 (A5140)SHA-1 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA-1 (A5141)SHA-1 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA-1 (A5142)SHA-1 (A5142)KATCASTMessage digestModule is operationalN/APower up
AES-ECB - Encrypt (A5138)AES-ECB - Encrypt (A5138)KATCASTEncryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Encrypt (A5139)AES-ECB - Encrypt (A5139)KATCASTEncryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Encrypt (A5141)AES-ECB - Encrypt (A5141)KATCASTEncryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Encrypt (A5142)AES-ECB - Encrypt (A5142)KATCASTEncryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Decrypt (A5138)AES-ECB - Decrypt (A5138)KATCASTDecryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Decrypt (A5139)AES-ECB - Decrypt (A5139)KATCASTDecryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Decrypt (A5141)AES-ECB - Decrypt (A5141)KATCASTDecryptionModule is operational128, 192, 256-bit keyPower up
AES-ECB - Decrypt (A5142)AES-ECB - Decrypt (A5142)KATCASTDecryptionModule is operational128, 192, 256-bit keyPower up
AES- CMAC (A5138)AES- CMAC (A5138)KATCASTMAC generationModule is operational128-bit keyPower up
AES- CMAC (A5139)AES- CMAC (A5139)KATCASTMAC generationModule is operational128-bit keyPower up
AES- CMAC (A5141)AES- CMAC (A5141)KATCASTMAC generationModule is operational128-bit keyPower up
AES- CMAC (A5142)AES- CMAC (A5142)KATCASTMAC generationModule is operational128-bit keyPower up
Counter DRBG (A5138)Counter DRBG (A5138)KATCASTInstantiate Generate; Reseed GenerateModule is operationalAES with 128-bit key with DF, with and without PRPower up
Counter DRBG (A5139)Counter DRBG (A5139)KATCASTInstantiate Generate; Reseed GenerateModule is operationalAES with 128-bit key with DF, with and without PRPower up
Counter DRBG (A5141)Counter DRBG (A5141)KATCASTInstantiate Generate; Reseed GenerateModule is operationalAES with 128-bit key with DF, with and without PRPower up
Counter DRBG (A5142)Counter DRBG (A5142)KATCASTInstantiate Generate; Reseed GenerateModule is operationalAES with 128-bit key with DF, with and without PRPower up
Hash DRBG (A5138)Hash DRBG (A5138)KATCASTInstantiate Generate; Reseed GenerateModule is operationSHA-1 without PR and SHA-256 with and without PRPower up
Hash DRBG (A5139)Hash DRBG (A5139)KATCASTInstantiate Generate; Reseed GenerateModule is operationSHA-1 without PR and SHA-256 with and without PRPower up
Hash DRBG (A5140)Hash DRBG (A5140)KATCASTInstantiate Generate; Reseed GenerateModule is operationSHA-1 without PR and SHA-256 with and without PRPower up
Hash DRBG (A5141)Hash DRBG (A5141)KATCASTInstantiate Generate; Reseed GenerateModule is operationSHA-1 without PR and SHA-256 with and without PRPower up
Hash DRBG (A5142)Hash DRBG (A5142)KATCASTInstantiate Generate;Module is operationSHA-1 without PR and SHA-256 with and without PRPower up
HMAC DRBG (A5138)HMAC DRBG (A5138)KATCASTInstantiate Generate; Reseed GenerateModule is operationalSHA-256 with and without PRPower up
HMAC DRBG (A5139)HMAC DRBG (A5139)KATCASTInstantiate Generate; Reseed GenerateModule is operationalSHA-256 with and without PRPower up
HMAC DRBG (A5140)HMAC DRBG (A5140)KATCASTInstantiate Generate; Reseed GenerateModule is operationalSHA-256 with and without PRPower up
HMAC DRBG (A5141)HMAC DRBG (A5141)KATCASTInstantiate Generate; Reseed GenerateModule is operationalSHA-256 with and without PRPower up
HMAC DRBG (A5142)HMAC DRBG (A5142)KATCASTInstantiate Generate; Reseed GenerateModule is operationalSHA-256 with and without PRPower up
ECDSA SigGen (FIPS186-5) (A5138)ECDSA SigGen (FIPS186-5) (A5138)KATCASTSignature generation and verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigGen (FIPS186-5) (A5139)ECDSA SigGen (FIPS186-5) (A5139)KATCASTSignature generation and verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigGen (FIPS186-5) (A5140)ECDSA SigGen (FIPS186-5) (A5140)KATCASTSignature generation and verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigGen (FIPS186-5) (A5141)ECDSA SigGen (FIPS186-5) (A5141)KATCASTSignature generation and verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigGenECDSA SigGenKATCASTSignature generation and verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigVer (FIPS186-5) (A5138)ECDSA SigVer (FIPS186-5) (A5138)KATCASTSignature verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigVer (FIPS186-5) (A5139)ECDSA SigVer (FIPS186-5) (A5139)KATCASTSignature verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigVer (FIPS186-5) (A5140)ECDSA SigVer (FIPS186-5) (A5140)KATCASTSignature verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigVer (FIPS186-5) (A5141)ECDSA SigVer (FIPS186-5) (A5141)KATCASTSignature verificationModule is operationalP-256 and SHA-256Power up
ECDSA SigVer (FIPS186-5) (A5142)ECDSA SigVer (FIPS186-5) (A5142)KATCASTSignature verificationModule is operationalP-256 and SHA-256Power up
HMAC- SHA2-224 (A5138)HMAC- SHA2-224 (A5138)KATCASTMessage authenticationModule is operationalSHA2-224Power up
HMAC- SHA2-224 (A5139)HMAC- SHA2-224 (A5139)KATCASTMessage authenticationModule is operationalSHA2-224Power up
HMAC- SHA2-224 (A5140)HMAC- SHA2-224 (A5140)KATCASTMessage authenticationModule is operationalSHA2-224Power up
HMAC- SHA2-224 (A5141)HMAC- SHA2-224 (A5141)KATCASTMessage authenticationModule is operationalSHA2-224Power up
HMAC- SHA2-224 (A5142)HMAC- SHA2-224 (A5142)KATCASTMessage authenticationModule is operationalSHA2-224Power up
HMAC- SHA2-256 (A5138)HMAC- SHA2-256 (A5138)KATCASTMessage authenticationModule is operationalSHA2-256Power up
HMAC- SHA2-256 (A5139)HMAC- SHA2-256 (A5139)KATCASTMessage authenticationModule is operationalSHA2-256Power up
HMAC- SHA2-256 (A5140)HMAC- SHA2-256 (A5140)KATCASTMessage authenticationModule is operationalSHA2-256Power up
HMAC- SHA2-256 (A5141)HMAC- SHA2-256 (A5141)KATCASTMessage authenticationModule is operationalSHA2-256Power up
HMAC- SHA2-256 (A5142)HMAC- SHA2-256 (A5142)KATCASTMessage authenticationModule is operationalSHA2-256Power up
HMAC- SHA2-384 (A5138)HMAC- SHA2-384 (A5138)KATCASTMessage authenticationModule is operationalSHA2-384Power up
HMAC- SHA2-384 (A5139)HMAC- SHA2-384 (A5139)KATCASTMessage authenticationModule is operationalSHA2-384Power up
HMAC- SHA2-384 (A5140)HMAC- SHA2-384 (A5140)KATCASTMessage authenticationModule is operationalSHA2-384Power up
HMAC- SHA2-384 (A5141)HMAC- SHA2-384 (A5141)KATCASTMessage authenticationModule is operationalSHA2-384Power up
HMAC- SHA2-384 (A5142)HMAC- SHA2-384 (A5142)KATCASTMessage authenticationModule is operationalSHA2-384Power up
HMAC- SHA2-512 (A5138)HMAC- SHA2-512 (A5138)KATCASTMessage authenticationModule is operationalSHA2-512Power up
HMAC- SHA2-512 (A5139)HMAC- SHA2-512 (A5139)KATCASTMessage authenticationModule is operationalSHA2-512Power up
HMAC- SHA2-512 (A5140)HMAC- SHA2-512 (A5140)KATCASTMessage authenticationModule is operationalSHA2-512Power up
HMAC- SHA2-512 (A5141)HMAC- SHA2-512 (A5141)KATCASTMessage authenticationModule is operationalSHA2-512Power up
HMAC- SHA2-512 (A5142)HMAC- SHA2-512 (A5142)KATCASTMessage authenticationModule is operationalSHA2-512Power up
HMAC- SHA3-224 (A5140)HMAC- SHA3-224 (A5140)KATCASTMessage authenticationModule is operationalSHA3-224Power up
HMAC- SHA3-224 (A5141)HMAC- SHA3-224 (A5141)KATCASTMessage authenticationModule is operationalSHA3-224Power up
HMAC- SHA3-224 (A5142)HMAC- SHA3-224 (A5142)KATCASTMessage authenticationModule is operationalSHA3-224Power up
HMAC- SHA3-256 (A5140)HMAC- SHA3-256 (A5140)KATCASTMessage authenticationModule is operationalSHA3-256Power up
HMAC- SHA3-256 (A5141)HMAC- SHA3-256 (A5141)KATCASTMessage authenticationModule is operationalSHA3-256Power up
HMAC- SHA3-256 (A5142)HMAC- SHA3-256 (A5142)KATCASTMessage authenticationModule is operationalSHA3-256Power up
HMAC- SHA3-384 (A5140)HMAC- SHA3-384 (A5140)KATCASTMessage authenticationModule is operationalSHA3-384Power up
HMAC- SHA3-384 (A5141)HMAC- SHA3-384 (A5141)KATCASTMessage authenticationModule is operationalSHA3-384Power up
HMAC- SHA3-384 (A5142)HMAC- SHA3-384 (A5142)KATCASTMessage authenticationModule is operationalSHA3-384Power up
HMAC- SHA3-512 (A5140)HMAC- SHA3-512 (A5140)KATCASTMessage authenticationModule is operationalSHA3-512Power up
HMAC- SHA3-512 (A5141)HMAC- SHA3-512 (A5141)KATCASTMessage authenticationModule is operationalSHA3-512Power up
HMAC- SHA3-512 (A5142)HMAC- SHA3-512 (A5142)KATCASTMessage authenticationModule is operationalSHA3-512Power up
HMAC- SHA-1 (A5137)HMAC- SHA-1 (A5137)KATCASTMessage authenticationModule is operationalSHA-1Power up
HMAC- SHA-1 (A5138)HMAC- SHA-1 (A5138)KATCASTMessage authenticationModule is operationalSHA-1Power up
HMAC- SHA-1 (A5139)HMAC- SHA-1 (A5139)KATCASTMessage authenticationModule is operationalSHA-1Power up
HMAC- SHA-1 (A5140)HMAC- SHA-1 (A5140)KATCASTMessage authenticationModule is operationalSHA-1Power up
HMAC- SHA-1 (A5141)HMAC- SHA-1 (A5141)KATCASTMessage authenticationModule is operationalSHA-1Power up
HMAC- SHA-1 (A5142)HMAC- SHA-1 (A5142)KATCASTMessage authenticationModule is operationalSHA-1Power up
RSA SigGen (FIPS186-5) (A5138)RSA SigGen (FIPS186-5) (A5138)KATCASTSignature generationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigGen (FIPS186-5) (A5139)RSA SigGen (FIPS186-5) (A5139)KATCASTSignature generationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigGen (FIPS186-5) (A5140)RSA SigGen (FIPS186-5) (A5140)KATCASTSignature generationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigGen (FIPS186-5) (A5141)RSA SigGen (FIPS186-5) (A5141)KATCASTSignature generationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigGen (FIPS186-5) (A5142)RSA SigGen (FIPS186-5) (A5142)KATCASTSignature generationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigVer (FIPS186-5) (A5138)RSA SigVer (FIPS186-5) (A5138)KATCASTSignature verificationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigVer (FIPS186-5) (A5139)RSA SigVer (FIPS186-5) (A5139)KATCASTSignature verificationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigVer (FIPS186-5) (A5140)RSA SigVer (FIPS186-5) (A5140)KATCASTSignature verificationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigVer (FIPS186-5) (A5141)RSA SigVer (FIPS186-5) (A5141)KATCASTSignature verificationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
RSA SigVer (FIPS186-5) (A5142)RSA SigVer (FIPS186-5) (A5142)KATCASTSignature verificationModule is operationalRSA PKCS#1 v1.5 with 2048-bit key using SHA-256Power up
SHA2-224 (A5138)SHA2-224 (A5138)KATCASTMessage digestModule is operationalN/APower up
SHA2-224 (A5139)SHA2-224 (A5139)KATCASTMessage digestModule is operationalN/APower up
SHA2-224 (A5140)SHA2-224 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA2-224 (A5141)SHA2-224 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA2-224 (A5142)SHA2-224 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA2-256 (A5138)SHA2-256 (A5138)KATCASTMessage digestModule is operationalN/APower up
SHA2-256 (A5139)SHA2-256 (A5139)KATCASTMessage digestModule is operationalN/APower up
SHA2-256 (A5140)SHA2-256 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA2-256 (A5141)SHA2-256 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA2-256 (A5142)SHA2-256 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA2-384 (A5138)SHA2-384 (A5138)KATCASTMessage digestModule is operationalN/APower up
SHA2-384 (A5139)SHA2-384 (A5139)KATCASTMessage digestModule is operationalN/APower up
SHA2-384 (A5140)SHA2-384 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA2-384 (A5141)SHA2-384 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA2-384 (A5142)SHA2-384 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA2-512 (A5138)SHA2-512 (A5138)KATCASTMessage digestModule is operationalN/APower up
SHA2-512 (A5139)SHA2-512 (A5139)KATCASTMessage digestModule is operationalN/APower up
SHA2-512 (A5140)SHA2-512 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA2-512 (A5141)SHA2-512 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA2-512 (A5142)SHA2-512 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA3-224 (A5140)SHA3-224 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA3-224 (A5141)SHA3-224 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA3-224 (A5142)SHA3-224 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA3-256 (A5140)SHA3-256 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA3-256 (A5141)SHA3-256 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA3-256 (A5142)SHA3-256 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA3-384 (A5140)SHA3-384 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA3-384 (A5141)SHA3-384 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA3-384 (A5142)SHA3-384 (A5142)KATCASTMessage digestModule is operationalN/APower up
SHA3-512 (A5140)SHA3-512 (A5140)KATCASTMessage digestModule is operationalN/APower up
SHA3-512 (A5141)SHA3-512 (A5141)KATCASTMessage digestModule is operationalN/APower up
SHA3-512 (A5142)SHA3-512 (A5142)KATCASTMessage digestModule is operationalN/APower up
PBKDF (A5138)PBKDF (A5138)KATCASTKey DerivationModule is operationalSHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bitsPower up
PBKDF (A5139)PBKDF (A5139)KATCASTKey DerivationModule is operationalSHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bitsPower up
PBKDF (A5140)PBKDF (A5140)KATCASTKey DerivationModule is operationalSHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bitsPower up
PBKDF (A5141)PBKDF (A5141)KATCASTKey DerivationModule is operationalSHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iterationPower up
PBKDF (A5142)PBKDF (A5142)KATCASTKey DerivationModule is operationalSHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits; SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bitsPower up
ECDSA KeyGen (FIPS186-5) (A5138)ECDSA KeyGen (FIPS186-5) (A5138)Signature generation and verificationPCTSign and VerifyModule is operationalRespective Curve and SHA2-256Key generation
ECDSA KeyGen (FIPS186-5) (A5139)ECDSA KeyGen (FIPS186-5) (A5139)Signature generation and verificationPCTSign and VerifyModule is operationalRespective Curve and SHA2-256Key generation
ECDSA KeyGen (FIPS186-5) (A5140)ECDSA KeyGen (FIPS186-5) (A5140)Signature generation and verificationPCTSign and VerifyModule is operationalRespective Curve and SHA2-256Key generation
ECDSA KeyGen (FIPS186-5) (A5141)ECDSA KeyGen (FIPS186-5) (A5141)Signature generation and verificationPCTSign and VerifyModule is operationalRespective Curve and SHA2-256Key generation
ECDSA KeyGen (FIPS186-5) (A5142)ECDSA KeyGen (FIPS186-5) (A5142)Signature generation and verificationPCTSign and VerifyModule is operationalRespective Curve and SHA2-256Key generation
RSA KeyGen (FIPS186-5) (A5138)RSA KeyGen (FIPS186-5) (A5138)Signature generation and verificationPCTSign and VerifyModule is operationalSHA2-256 and respective keysKey generation
RSA KeyGen (FIPS186-5) (A5139)RSA KeyGen (FIPS186-5) (A5139)Signature generation and verificationPCTSign and VerifyModule is operationalSHA2-256 and respective keysKey generation
RSA KeyGen (FIPS186-5) (A5140)RSA KeyGen (FIPS186-5) (A5140)Signature generation and verificationPCTSign and VerifyModule is operationalSHA2-256 and respective keysKey generation
RSA KeyGen (FIPS186-5) (A5141)RSA KeyGen (FIPS186-5) (A5141)Signature generation and verificationPCTSign and VerifyModule is operationalSHA2-256 and respective keysKey generation
RSA KeyGen (FIPS186-5) (A5142)RSA KeyGen (FIPS186-5) (A5142)Signature generation and verificationPCTSign and VerifyModule is operationalSHA2-256 and respective keysKey generation
HMAC-SHA2-256 (A5138)HMAC-SHA2-256 (A5138)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5139)HMAC-SHA2-256 (A5139)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5140)HMAC-SHA2-256 (A5140)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5141)HMAC-SHA2-256 (A5141)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5142)HMAC-SHA2-256 (A5142)Message authenticationSW/FW IntegrityOn demandManually
SHA-1 (A5137)SHA-1 (A5137)KATCASTOn demandManually
SHA-1 (A5138)SHA-1 (A5138)KATCASTOn demandManually
SHA-1 (A5139)SHA-1 (A5139)KATCASTOn demandManually
SHA-1 (A5140)SHA-1 (A5140)KATCASTOn demandManually
SHA-1 (A5141)SHA-1 (A5141)KATCASTOn demandManually
SHA-1 (A5142)SHA-1 (A5142)KATCASTOn demandManually
AES-ECB - Encrypt (A5138)AES-ECB - Encrypt (A5138)KATCASTOn demandManually
AES-ECB - Encrypt (A5139)AES-ECB - Encrypt (A5139)KATCASTOn demandManually
10 Self-Tests
10.1 Pre-Operational Self-Tests

HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 Table 21: Pre-Operational Self-Tests The module performs pre-operational self-tests automatically when the module is becoming available for the consuming application. Pre-operational self-tests ensure that the module is not corrupted. While the module is executing the pre-operational self-tests, services are not available, input and output are inhibited. The module is not available for use by the calling application until the pre-operational self-tests are completed successfully. After the pre-operational self-tests and the CASTs succeed, the module becomes operational. If any of the preoperational self-tests or any of the CASTs fail an error message is returned, and the module transitions to the error state.

10.2 Conditional Self-Tests

N/A N/A © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 61

Libgcrypt cryptography module for AlmaLinux 9 N/A N/A N/A N/A AESCMAC AESCMAC © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 62

Libgcrypt cryptography module for AlmaLinux 9 AESCMAC AESCMAC © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 63

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 64

Libgcrypt cryptography module for AlmaLinux 9 HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 HMACSHA2-256 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 65

Libgcrypt cryptography module for AlmaLinux 9 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 66

Libgcrypt cryptography module for AlmaLinux 9 HMACSHA2-512 HMACSHA3-224 HMACSHA3-224 HMACSHA3-224 HMACSHA3-256 HMACSHA3-256 HMACSHA3-256 HMACSHA3-384 HMACSHA3-384 HMACSHA3-384 HMACSHA3-512 HMACSHA3-512 HMACSHA3-512 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 67

Libgcrypt cryptography module for AlmaLinux 9 HMACSHA-1 HMACSHA-1 HMACSHA-1 HMACSHA-1 HMACSHA-1 HMACSHA-1 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 68

Libgcrypt cryptography module for AlmaLinux 9 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 69

Libgcrypt cryptography module for AlmaLinux 9 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 70

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 71

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 72
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsTest PropertiesIndicatorConditions
RSA KeyGen (FIPS186-5) (A5140)RSA KeyGen (FIPS186-5) (A5140)Signature generation and verificationPCTSign and VerifySHA2-256 and respective keysModule is operationalKey generation
RSA KeyGen (FIPS186-5) (A5141)RSA KeyGen (FIPS186-5) (A5141)Signature generation and verificationPCTSign and VerifySHA2-256 and respective keysModule is operationalKey generation
RSA KeyGen (FIPS186-5) (A5142)RSA KeyGen (FIPS186-5) (A5142)Signature generation and verificationPCTSign and VerifySHA2-256 and respective keysModule is operationalKey generation
HMAC-SHA2-256 (A5138)HMAC-SHA2-256 (A5138)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5139)HMAC-SHA2-256 (A5139)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5140)HMAC-SHA2-256 (A5140)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5141)HMAC-SHA2-256 (A5141)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2-256 (A5142)HMAC-SHA2-256 (A5142)Message authenticationSW/FW IntegrityOn demandManually
SHA-1 (A5137)SHA-1 (A5137)KATCASTOn demandManually
SHA-1 (A5138)SHA-1 (A5138)KATCASTOn demandManually
SHA-1 (A5139)SHA-1 (A5139)KATCASTOn demandManually
SHA-1 (A5140)SHA-1 (A5140)KATCASTOn demandManually
SHA-1 (A5141)SHA-1 (A5141)KATCASTOn demandManually
SHA-1 (A5142)SHA-1 (A5142)KATCASTOn demandManually
AES-ECB - Encrypt (A5138)AES-ECB - Encrypt (A5138)KATCASTOn demandManually
AES-ECB - Encrypt (A5139)AES-ECB - Encrypt (A5139)KATCASTOn demandManually
AES-ECB - Encrypt (A5141)AES-ECB - Encrypt (A5141)KATCASTOn demandManually
AES-ECB - Encrypt (A5142)AES-ECB - Encrypt (A5142)KATCASTOn demandManually
AES-ECB - Decrypt (A5138)AES-ECB - Decrypt (A5138)KATCASTOn demandManually
AES-ECB - Decrypt (A5139)AES-ECB - Decrypt (A5139)KATCASTOn demandManually
AES-ECB - Decrypt (A5141)AES-ECB - Decrypt (A5141)KATCASTOn demandManually
AES-ECB - Decrypt (A5142)AES-ECB - Decrypt (A5142)KATCASTOn demandManually
AES-CMAC (A5138)AES-CMAC (A5138)KATCASTOn demandManually
AES-CMAC (A5139)AES-CMAC (A5139)KATCASTOn demandManually
AES-CMAC (A5141)AES-CMAC (A5141)KATCASTOn demandManually
AES-CMAC (A5142)AES-CMAC (A5142)KATCASTOn demandManually
Counter DRBG (A5138)Counter DRBG (A5138)KATCASTOn demandManually
Counter DRBG (A5139)Counter DRBG (A5139)KATCASTOn demandManually
Counter DRBG (A5141)Counter DRBG (A5141)KATCASTOn demandManually
Counter DRBG (A5142)Counter DRBG (A5142)KATCASTOn demandManually
Hash DRBG (A5138)Hash DRBG (A5138)KATCASTOn demandManually
Hash DRBG (A5139)Hash DRBG (A5139)KATCASTOn demandManually
Hash DRBG (A5140)Hash DRBG (A5140)KATCASTOn demandManually
Hash DRBG (A5141)Hash DRBG (A5141)KATCASTOn demandManually
Hash DRBG (A5142)Hash DRBG (A5142)KATCASTOn demandManually
HMAC DRBG (A5138)HMAC DRBG (A5138)KATCASTOn demandManually
HMAC DRBG (A5139)HMAC DRBG (A5139)KATCASTOn demandManually
HMAC DRBG (A5140)HMAC DRBG (A5140)KATCASTOn demandManually
HMAC DRBG (A5141)HMAC DRBG (A5141)KATCASTOn demandManually
HMAC DRBG (A5142)HMAC DRBG (A5142)KATCASTOn demandManually
ECDSA SigGen (FIPS186-5) (A5138)ECDSA SigGen (FIPS186-5) (A5138)KATCASTOn demandManually
ECDSA SigGen (FIPS186-5) (A5139)ECDSA SigGen (FIPS186-5) (A5139)KATCASTOn demandManually
ECDSA SigGen (FIPS186-5) (A5140)ECDSA SigGen (FIPS186-5) (A5140)KATCASTOn demandManually
ECDSA SigGen (FIPS186-5) (A5141)ECDSA SigGen (FIPS186-5) (A5141)KATCASTOn demandManually
ECDSA SigGen (FIPS186-5) (A5142)ECDSA SigGen (FIPS186-5) (A5142)KATCASTOn demandManually
ECDSA SigVer (FIPS186-5) (A5138)ECDSA SigVer (FIPS186-5) (A5138)KATCASTOn demandManually
ECDSA SigVer (FIPS186-5) (A5139)ECDSA SigVer (FIPS186-5) (A5139)KATCASTOn demandManually
ECDSA SigVer (FIPS186-5) (A5140)ECDSA SigVer (FIPS186-5) (A5140)KATCASTOn demandManually
ECDSA SigVer (FIPS186-5) (A5141)ECDSA SigVer (FIPS186-5) (A5141)KATCASTOn demandManually
ECDSA SigVer (FIPS186-5) (A5142)ECDSA SigVer (FIPS186-5) (A5142)KATCASTOn demandManually
HMAC-SHA2-224 (A5138)HMAC-SHA2-224 (A5138)KATCASTOn demandManually
HMAC-SHA2-224 (A5139)HMAC-SHA2-224 (A5139)KATCASTOn demandManually
HMAC-SHA2-224 (A5140)HMAC-SHA2-224 (A5140)KATCASTOn demandManually
HMAC-SHA2-224 (A5141)HMAC-SHA2-224 (A5141)KATCASTOn demandManually
HMAC-SHA2-224 (A5142)HMAC-SHA2-224 (A5142)KATCASTOn demandManually
HMAC-SHA2-256 (A5138)HMAC-SHA2-256 (A5138)KATCASTOn demandManually
HMAC-SHA2-256 (A5139)HMAC-SHA2-256 (A5139)KATCASTOn demandManually
HMAC-SHA2-256 (A5140)HMAC-SHA2-256 (A5140)KATCASTOn demandManually
HMAC-SHA2-256 (A5141)HMAC-SHA2-256 (A5141)KATCASTOn demandManually
HMAC-SHA2-256 (A5142)HMAC-SHA2-256 (A5142)KATCASTOn demandManually
HMAC-SHA2-384 (A5138)HMAC-SHA2-384 (A5138)KATCASTOn demandManually
HMAC-SHA2-384 (A5139)HMAC-SHA2-384 (A5139)KATCASTOn demandManually
HMAC-SHA2-384 (A5140)HMAC-SHA2-384 (A5140)KATCASTOn demandManually
HMAC-SHA2-384 (A5141)HMAC-SHA2-384 (A5141)KATCASTOn demandManually
HMAC-SHA2-384 (A5142)HMAC-SHA2-384 (A5142)KATCASTOn demandManually
HMAC-SHA2-512 (A5138)HMAC-SHA2-512 (A5138)KATCASTOn demandManually
HMAC-SHA2-512 (A5139)HMAC-SHA2-512 (A5139)KATCASTOn demandManually
HMAC-SHA2-512 (A5140)HMAC-SHA2-512 (A5140)KATCASTOn demandManually
HMAC-SHA2-512 (A5141)HMAC-SHA2-512 (A5141)KATCASTOn demandManually
HMAC-SHA2-512 (A5142)HMAC-SHA2-512 (A5142)KATCASTOn demandManually
HMAC-SHA3-224 (A5140)HMAC-SHA3-224 (A5140)KATCASTOn demandManually
HMAC-SHA3-224 (A5141)HMAC-SHA3-224 (A5141)KATCASTOn demandManually
HMAC-SHA3-224 (A5142)HMAC-SHA3-224 (A5142)KATCASTOn demandManually
HMAC-SHA3-256 (A5140)HMAC-SHA3-256 (A5140)KATCASTOn demandManually
HMAC-SHA3-256 (A5141)HMAC-SHA3-256 (A5141)KATCASTOn demandManually
HMAC-SHA3-256 (A5142)HMAC-SHA3-256 (A5142)KATCASTOn demandManually
HMAC-SHA3-384 (A5140)HMAC-SHA3-384 (A5140)KATCASTOn demandManually
HMAC-SHA3-384 (A5141)HMAC-SHA3-384 (A5141)KATCASTOn demandManually
HMAC-SHA3-384 (A5142)HMAC-SHA3-384 (A5142)KATCASTOn demandManually
HMAC-SHA3-512 (A5140)HMAC-SHA3-512 (A5140)KATCASTOn demandManually
HMAC-SHA3-512 (A5141)HMAC-SHA3-512 (A5141)KATCASTOn demandManually
HMAC-SHA3-512 (A5142)HMAC-SHA3-512 (A5142)KATCASTOn demandManually
HMAC-SHA-1 (A5137)HMAC-SHA-1 (A5137)KATCASTOn demandManually
HMAC-SHA-1 (A5138)HMAC-SHA-1 (A5138)KATCASTOn demandManually
HMAC-SHA-1 (A5139)HMAC-SHA-1 (A5139)KATCASTOn demandManually
HMAC-SHA-1 (A5140)HMAC-SHA-1 (A5140)KATCASTOn demandManually
HMAC-SHA-1 (A5141)HMAC-SHA-1 (A5141)KATCASTOn demandManually
HMAC-SHA-1 (A5142)HMAC-SHA-1 (A5142)KATCASTOn demandManually
RSA SigGen (FIPS186-5) (A5138)RSA SigGen (FIPS186-5) (A5138)KATCASTOn demandManually
RSA SigGen (FIPS186-5) (A5139)RSA SigGen (FIPS186-5) (A5139)KATCASTOn demandManually
RSA SigGen (FIPS186-5) (A5140)RSA SigGen (FIPS186-5) (A5140)KATCASTOn demandManually
RSA SigGen (FIPS186-5) (A5141)RSA SigGen (FIPS186-5) (A5141)KATCASTOn demandManually
RSA SigGen (FIPS186-5) (A5142)RSA SigGen (FIPS186-5) (A5142)KATCASTOn demandManually
RSA SigVer (FIPS186-5) (A5138)RSA SigVer (FIPS186-5) (A5138)KATCASTOn demandManually
RSA SigVer (FIPS186-5) (A5139)RSA SigVer (FIPS186-5) (A5139)KATCASTOn demandManually
RSA SigVer (FIPS186-5) (A5140)RSA SigVer (FIPS186-5) (A5140)KATCASTOn demandManually
RSA SigVer (FIPS186-5) (A5141)RSA SigVer (FIPS186-5) (A5141)KATCASTOn demandManually
RSA SigVer (FIPS186-5) (A5142)RSA SigVer (FIPS186-5) (A5142)KATCASTOn demandManually
SHA2-224 (A5138)SHA2-224 (A5138)KATCASTOn demandManually
SHA2-224 (A5139)SHA2-224 (A5139)KATCASTOn demandManually
SHA2-224 (A5140)SHA2-224 (A5140)KATCASTOn demandManually
SHA2-224 (A5141)SHA2-224 (A5141)KATCASTOn demandManually
SHA2-224 (A5142)SHA2-224 (A5142)KATCASTOn demandManually
SHA2-256 (A5138)SHA2-256 (A5138)KATCASTOn demandManually
SHA2-256 (A5139)SHA2-256 (A5139)KATCASTOn demandManually
SHA2-256 (A5140)SHA2-256 (A5140)KATCASTOn demandManually
SHA2-256 (A5141)SHA2-256 (A5141)KATCASTOn demandManually
SHA2-256 (A5142)SHA2-256 (A5142)KATCASTOn demandManually
SHA2-384 (A5138)SHA2-384 (A5138)KATCASTOn demandManually
SHA2-384 (A5139)SHA2-384 (A5139)KATCASTOn demandManually
SHA2-384 (A5140)SHA2-384 (A5140)KATCASTOn demandManually
SHA2-384 (A5141)SHA2-384 (A5141)KATCASTOn demandManually
SHA2-384 (A5142)SHA2-384 (A5142)KATCASTOn demandManually
SHA2-512 (A5138)SHA2-512 (A5138)KATCASTOn demandManually
SHA2-512 (A5139)SHA2-512 (A5139)KATCASTOn demandManually
SHA2-512 (A5140)SHA2-512 (A5140)KATCASTOn demandManually
SHA2-512 (A5141)SHA2-512 (A5141)KATCASTOn demandManually
SHA2-512 (A5142)SHA2-512 (A5142)KATCASTOn demandManually
SHA3-224 (A5140)SHA3-224 (A5140)KATCASTOn demandManually
SHA3-224 (A5141)SHA3-224 (A5141)KATCASTOn demandManually
SHA3-224 (A5142)SHA3-224 (A5142)KATCASTOn demandManually
SHA3-256 (A5140)SHA3-256 (A5140)KATCASTOn demandManually
SHA3-256 (A5141)SHA3-256 (A5141)KATCASTOn demandManually
SHA3-256 (A5142)SHA3-256 (A5142)KATCASTOn demandManually
SHA3-384 (A5140)SHA3-384 (A5140)KATCASTOn demandManually
SHA3-384 (A5141)SHA3-384 (A5141)KATCASTOn demandManually
SHA3-384 (A5142)SHA3-384 (A5142)KATCASTOn demandManually
SHA3-512 (A5140)SHA3-512 (A5140)KATCASTOn demandManually
SHA3-512 (A5141)SHA3-512 (A5141)KATCASTOn demandManually
SHA3-512 (A5142)SHA3-512 (A5142)KATCASTOn demandManually
PBKDF (A5138)PBKDF (A5138)KATCASTOn demandManually
PBKDF (A5139)PBKDF (A5139)KATCASTOn demandManually
PBKDF (A5140)PBKDF (A5140)KATCASTOn demandManually
PBKDF (A5141)PBKDF (A5141)KATCASTOn demandManually
PBKDF (A5142)PBKDF (A5142)KATCASTOn demandManually
ECDSA KeyGen (FIPS186-5) (A5138)ECDSA KeyGen (FIPS186-5) (A5138)Signature generation and verificationPCTOn demandManually
ECDSA KeyGen (FIPS186-5) (A5139)ECDSA KeyGen (FIPS186-5) (A5139)Signature generation and verificationPCTOn demandManually
ECDSA KeyGen (FIPS186-5) (A5140)ECDSA KeyGen (FIPS186-5) (A5140)Signature generation and verificationPCTOn demandManually
ECDSA KeyGen (FIPS186-5) (A5141)ECDSA KeyGen (FIPS186-5) (A5141)Signature generation and verificationPCTOn demandManually
ECDSA KeyGen (FIPS186-5) (A5142)ECDSA KeyGen (FIPS186-5) (A5142)Signature generation and verificationPCTOn demandManually
RSA KeyGen (FIPS186-5) (A5138)RSA KeyGen (FIPS186-5) (A5138)Signature generation and verificationPCTOn demandManually
RSA KeyGen (FIPS186-5) (A5139)RSA KeyGen (FIPS186-5) (A5139)Signature generation and verificationPCTOn demandManually
RSA KeyGen (FIPS186-5) (A5140)RSA KeyGen (FIPS186-5) (A5140)Signature generation and verificationPCTOn demandManually
RSA KeyGen (FIPS186-5) (A5141)RSA KeyGen (FIPS186-5) (A5141)Signature generation and verificationPCTOn demandManually
RSA KeyGen (FIPS186-5) (A5142)RSA KeyGen (FIPS186-5) (A5142)Signature generation and verificationPCTOn demandManually

Libgcrypt cryptography module for AlmaLinux 9 Table 22: Conditional Self-Tests

10.3 Periodic Self-Test Information

Table 23: Pre-Operational Periodic Information © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 73

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 74

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 75

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 76

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 77

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 78

Libgcrypt cryptography module for AlmaLinux 9 © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 79
Service
NameDescriptionRole AccessIndicator
Error StateThe module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited.Failure of pre- operational tests or conditional tests.An error message related to the cause of the failure (e.g. GPG_ERR_SELFTEST_FAILED).The error can be recovered by a restart (i.e., powering off and powering on) of the module.
Fatal Error stateThe module will abort and will not be available.Random numbers are requested in the error state or cipher operations are requested on a deallocated handle.The module is abortedThe error can be recovered by a restart (i.e., powering off and powering on) of the module.

Libgcrypt cryptography module for AlmaLinux 9 Table 24: Conditional Periodic Information This information can be found in Section 5.2.

10.4 Error States

Table 25: Error States application can obtain the module state by calling the gcry_control(GCRYCTL_OPERATIONAL_P) API function. The function returns FALSE if the module is in the Error state, TRUE if the module is in the Operational state. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 80

Libgcrypt cryptography module for AlmaLinux 9 In the Error state, all data output is inhibited, and no cryptographic operation is allowed. The error can be recovered by a restart (i.e., powering off and powering on) of the module. If random numbers are requested while the module is in Error state, or if cipher operations are requested on a deallocated handle the module will transition to Fatal Error state, the module will abort and will not be available.

10.5 Operator Initiation of Self-Tests

The software integrity tests and the CASTs can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. The PCTs can be invoked on demand by requesting the Key Generation service. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 81

Libgcrypt cryptography module for AlmaLinux 9

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The Crypto Officer can install the libgcrypt-1.10.0-11.el9_2.tuxcare.1 RPM package of the Module using standard tools recommended for the installation of RPM packages on an Almalinux system (for example, DNF or RPM). The integrity of the RPM package is automatically verified during the installation, and the Crypto Officer shall not install the RPM package if there is any integrity error. Before the RPM package of the module is installed, the Almalinux 9 system must operate in Approved mode. This can be achieved by:

11.2 Administrator Guidance

All the functions, ports and logical interfaces described in this document are available to the Crypto Officer. The user must not call malloc/free to create/release space for keys, let libgcrypt manage space for keys, which will ensure that the key memory is overwritten before it is released. gcry_control(GCRYCTL_TERM_SECMEM) needs to be called before the process is terminated.

11.3 Non-Administrator Guidance

The module implements only the Crypto Officer. There are no requirements for non-administrator guidance.

11.4 End of Life

For secure sanitization of the cryptographic module, the module must first to be powered off, which will zeroize all keys and CSPs in volatile memory. Then, for actual deprecation, the module shall be upgraded to a newer version that is FIPS 140-3 validated. The module does not possess persistent storage of SSPs, so further sanitization steps are not required. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 82

Libgcrypt cryptography module for AlmaLinux 9

12 Mitigation of Other Attacks
12.1 Attack List
12.2 Mitigation Effectiveness

RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. By default, the module uses the following blinding technique: instead of using the RSA decryption directly, a blinded value y = x re mod n is decrypted and the unblinded value x' = y' r−1 mod n returned. The blinding value r is a random value with the size of the modulus n. © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 83

Libgcrypt cryptography module for AlmaLinux 9 Appendix A. Glossary and Abbreviations AES CAVP CBC CMAC CMVP CSP CTR DRBG ECB FIPS GCM HMAC KAT KW MAC NIST PAA PAI PR PSP PSS RNG RSA SHA SSP XTS Advanced Encryption Standard Cryptographic Algorithm Validation Program Cipher Block Chaining Cipher-based Message Authentication Code Cryptographic Module Validation Program Critical Security Parameter Counter Mode Deterministic Random Bit Generator Electronic Code Book Federal Information Processing Standards Publication Galois Counter Mode Hash Message Authentication Code Known Answer Test AES Key Wrap Message Authentication Code National Institute of Science and Technology Processor Algorithm Acceleration Processor Algorithm Implementation Prediction Resistance Public Security Parameter Probabilistic Signature Scheme Random Number Generator Rivest, Shamir, Adleman Secure Hash Algorithm Sensitive Security Parameter XEX-based Tweaked-codebook mode with cipher text Stealing © 2026 Cloudlinux Inc., TuxCare division, atsec information security.

Page 84

Libgcrypt cryptography module for AlmaLinux 9 Appendix B. References FIPS140-3 FIPS140-3_IG FIPS180-4 FIPS186-2 FIPS186-4 FIPS186-5 FIPS197 FIPS198-1 SP800-38A SP800-38B SP800-38D SP800-38E SP800-38F SP800-52rev2 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf Digital Signature Standard (DSS) January 2000 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/detail/sp/800-38b/final NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf NIST Special Publication 800-52

Page 85

Libgcrypt cryptography module for AlmaLinux 9 SP800-56Arev3 SP800-56Crev2 SP800-90Arev1 SP800-90B SP800-108rev1 SP800-132 SP800-133rev2 SP800-135rev1 SP800-140Br1 August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf NIST Special Publication 800-56A

Referenced URLs