Overview#NSA Suite B Cryptography (Suite B) is a National Security Agency (NSA) recommended a set of interoperable cryptographic algorithms.
NSA Suite B Cryptography:
- encryption algorithm (AES)
- key-Exchange algorithm (Elliptic Curve Diffie-Hellman, also known as ECDH)
- digital Signature algorithm (Elliptic Curve Digital Signature Algorithm (ECDSA)
- hashing algorithms (SHA-256 or SHA-384)
Additional NSA Suite B Cryptography items#
- NIST.SP.800-56A - Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
- IETF has:
- RFC 5759, Suite B Certificate and Certificate Revocation List (CRL) Profile
- RFC 6239, Suite B Cryptographic Suites for Secure Shell (SSH)
- RFC 6379, Suite B Cryptographic Suites for IPsec
- RFC 6460, Suite B Profile for Transport Layer Security (TLS)
- NSA Suite B Cryptography compliant profile for use with TLS 1.2. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.
- A transitional profile for use with TLS 1.0 or TLS 1.1. This profile enables interoperability with non-NSA Suite B Cryptography compliant servers. When configured for NSA Suite B Cryptography transitional operation, additional encryption and hashing algorithms