Security Target, Version 3.9 March 18, 2008Nortel VPN Router v7.05 and Client Workstation v7.11 Page 24 of 67© 2008 Nortel Networks5.1.2 Class FCS: Cryptographic SupportFCS_CKM.1(a) Cryptographic key generation (Diffie-Hellman)Hierarchical to: No other components.FCS_CKM.1.1(a)The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generationalgorithm [Diffie-Hellman] and specified cryptographic key sizes [1024, 1536 bit keys] that meet thefollowing: [RFC 2631].Dependencies: [FCS_CKM.2 Cryptographic key distribution, orFCS_COP.1 Cryptographic operation]FCS_CKM.4 Cryptographic key destructionFMT_MSA.2 Secure security attributesFCS_CKM.1(b) Cryptographic key generation (RSA)Hierarchical to: No other components.FCS_CKM.1.1(b)The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generationalgorithm [RSA] and specified cryptographic key sizes [1024, 2048 bits] that meet the following: [RFC3447].Dependencies: [FCS_CKM.2 Cryptographic key distribution, orFCS_COP.1 Cryptographic operation]FCS_CKM.4 Cryptographic key destructionFMT_MSA.2 Secure security attributesFCS_CKM.4 Cryptographic key destructionHierarchical to: No other components.FCS_CKM.4.1The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destructionmethod [zeroization] that meets the following: [FIPS 140-2].Dependencies: [FDP_ITC.1 Import of user data without security attributes, orFDP_ITC.2 Import of user data with security attributes, orFCS_CKM.1 Cryptographic key generation]FMT_MSA.2 Secure security attributesFCS_COP.1(a) Cryptographic operation (encryption and decryption)Hierarchical to: No other components.