Overview#
NSA Suite B Cryptography (Suite B) is a National Security Agency (NSA) recommended a set of interoperable cryptographic algorithms.NSA Suite B Cryptography standard specifies a mode of operation in which only a specific set of secure cryptographic algorithms are used.
NSA Suite B Cryptography:
- encryption algorithm (AES)
- key-Exchange algorithm (Elliptic Curve Diffie-Hellman, also known as ECDH)
- digital Signature algorithm (Elliptic Curve Digital Signature Algorithm (ECDSA)
- hashing algorithms (SHA-256 or SHA-384)
Additional NSA Suite B Cryptography items#
- NIST.SP.800-56A - Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
- IETF has:
- RFC 5759, Suite B Certificate and Certificate Revocation List (CRL) Profile
- RFC 6239, Suite B Cryptographic Suites for Secure Shell (SSH)
- RFC 6379, Suite B Cryptographic Suites for IPsec
- RFC 6460, Suite B Profile for Transport Layer Security (TLS)
- NSA Suite B Cryptography compliant profile for use with TLS 1.2. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.
- A transitional profile for use with TLS 1.0 or TLS 1.1. This profile enables interoperability with non-NSA Suite B Cryptography compliant servers. When configured for NSA Suite B Cryptography transitional operation, additional encryption and hashing algorithms
NSA Suite B Cryptography standard is conceptually similar to FIPS 140-2, because it restricts the set of enabled cryptographic algorithms in order to provide an Level Of Assurance.
More Information#
There might be more information for this subject on one of the following:- [#1] - NSA_Suite_B_Cryptography
- based on information obtained 2018-10-03-
