Overview#

NSA Suite B Cryptography (Suite B) is a Deprecated National Security Agency (NSA) recommended a set of interoperable cryptographic algorithms is replaced by Commercial National Security Algorithm Suite (CNSA)

NSA Suite B Cryptography standard specifies a mode of operation in which only a specific set of secure cryptographic algorithms are used.

NSA Suite B Cryptography Cryptographic Algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting classified and unclassified National Security Systems (NSS).

NSA Suite B Cryptography:

• encryption algorithm (AES)
• key-Exchange algorithm (Elliptic Curve Diffie-Hellman, also known as ECDH)
• digital Signature algorithm (Elliptic Curve Digital Signature Algorithm (ECDSA)
• hashing algorithms (SHA-256 or SHA-384)

Additional NSA Suite B Cryptography items#

• NIST.SP.800-56A - Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
• IETF has:
• RFC 5759, Suite B Certificate and Certificate Revocation List (CRL) Profile
• RFC 6239, Suite B Cryptographic Suites for Secure Shell (SSH)
• RFC 6379, Suite B Cryptographic Suites for IPsec
• RFC 6460, Suite B Profile for Transport Layer Security (TLS)

• NSA Suite B Cryptography compliant profile for use with TLS 1.2. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.
• A transitional profile for use with TLS 1.0 or TLS 1.1. This profile enables interoperability with non-NSA Suite B Cryptography compliant servers. When configured for NSA Suite B Cryptography transitional operation, additional encryption and hashing algorithms

may be used.

NSA Suite B Cryptography standard is conceptually similar to FIPS 140-2, because it restricts the set of enabled cryptographic algorithms in order to provide an Level Of Assurance.

More Information#

There might be more information for this subject on one of the following:

• Commercial National Security Algorithm Suite
• Menezes-Qu-Vanstone
• RFC 5759
• RFC 6239
• RFC 6379
• RFC 6460
• RFC 8423
• Suite B
• Web Blog_blogentry_100117_1

---

• [#1] - NSA_Suite_B_Cryptography - based on information obtained 2018-10-03-
• [#2] - Commercial National Security Algorithm Suite - based on information obtained 2019-10-30