Annex E
(informative)

Cryptographic support (FCS)

The TSF may employ cryptographic functionality to help satisfy several high-level security objectives. These include (but are not limited to): identification and authentication, non-repudiation, trusted path, trusted channel and data separation. This class is used when the TOE implements cryptographic functions, the implementation of which could be in hardware, firmware and/or software.

The FCS class is composed of two families: FCS_CKM Cryptographic key management and FCS_COP Cryptographic operation. The FCS_CKM family addresses the management aspects of cryptographic keys, while the FCS_COP family is concerned with the operational use of those cryptographic keys.

Figure E.1 shows the decomposition of this class into its constituent components.


Figure E.1 - Cryptographic support class decomposition

For each cryptographic key generation method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.1 Cryptographic key generation component.

For each cryptographic key distribution method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.2 Cryptographic key distribution component.

For each cryptographic key access method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.3 Cryptographic key access component.

For each cryptographic key destruction method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.4 Cryptographic key destruction component.

For each cryptographic operation (such as digital signature, data encryption, key agreement, secure hash, etc.) performed by the TOE, if any, the PP/ST author should select the FCS_COP.1 Cryptographic operation component.

Cryptographic functionality may be used to meet a variety of objectives specified in class FCO and in families FDP_DAU, FDP_SDI, FDP_UCT, FDP_UIT, FIA_SOS and FIA_UAU. In the cases where cryptographic functionality is used to meet objectives for other classes, the individual functional components specify the objectives that cryptographic functionality must satisfy. The objectives in class FCS should be used when cryptographic functionality of the TOE is sought by consumers.