User notes
A cryptographic operation may have cryptographic mode(s) of operation associated with it. If this is the case, then the cryptographic mode(s) must be specified. Examples of cryptographic modes of operation are cipher block chaining, output feedback mode, electronic code book mode, and cipher feedback mode.
Cryptographic operations may be used to support one or more TOE security services. The FCS_COP component may need to be iterated more than once depending on:
a) the user application for which the security service is being used.
b) the use of different cryptographic algorithms and/or cryptographic key sizes.
c) the type or sensitivity of the data being operated on.
If FAU_GEN Security audit data generation is included in the PP/ST then, in the context of the cryptographic operation events being audited:
a) The types of cryptographic operation may include digital signature generation and/or verification, cryptographic checksum generation for integrity and/or for verification of checksum, secure hash (message digest) computation, data encryption and/or decryption, cryptographic key encryption and/or decryption, cryptographic key agreement and random number generation.
b) The subject attributes may include subject role(s) and user(s) associated with the subject.
c) The object attributes may include the assigned user for the cryptographic key, user role, cryptographic operation the cryptographic key is to be used for, cryptographic key identifier, and the cryptographic key validity period.