Before you begin

Before incorporating NanoSSH Client into an application, familiarize yourself with some related documents and concepts, as well as the recommended general integration approach.

FIPS and Suite B support

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard used to accredit cryptographic modules. FIPS 140-2 validation is a requirement when selling products containing embedded cryptography to the U.S. government, and the standard has been increasingly adopted as a baseline requirement by regulated industries such as finance, manufacturing, and healthcare.

The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to FIPS 140-2 (see http://csrc.nist.gov/groups/STM/cmvp). For information about the FIPS 140-2-validated TrustCore SDK NanoCrypto FIPS binary, refer to the NIST website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm.

To claim FIPS 140-2 validation for your product, a licensed TrustCore SDK NanoCrypto FIPS binary must be purchased and used with the product. Alternatively, you can conduct your own FIPS 140-2 validation.

Suite B cryptography is a set of cryptographic algorithms and protocols specified by NIST that are approved by the NSA for protecting classified and unclassified National Security Systems (NSS). TrustCore SDK API functions that are related to NSA Suite B cryptography are available only if NanoCrypto Advanced has been purchased. By default, only NanoCrypto Basic is included.

If your TrustCore SDK product is used with the TrustCore SDK FIPS binaries, then the Suite B algorithms are already included.

  • For information about operating system support and installing NanoSSH Client, refer to the Building TrustCore SDK Components guide and the Using TrustCore SDK NanoCrypto FIPS Binaries for Linux guide.
  • If there is no pre-configured TrustCore SDK port for the operating system, refer to Porting TrustCore SDK Code for detailed porting instructions.
  • For detailed API documentation, refer to the NanoSSH API Reference.

This guide assumes that you are already familiar with the following:

  • C programming: TrustCore SDK components are provided as ANSI C source (.c and .h files), distributed in a ZIP file. To use a component’s API, you need to be able to unzip it, integrate it with your application’s code, and understand how to interface to C-style structures and call C functions.
  • Your operating system: TrustCore SDK components are largely independent of the underlying operating system. However, within the context of your operating system, you should understand how to perform basic functions such as communicating with external devices.
  • Security concepts: This guide provides background information for working with TrustCore SDK products; however, neither cryptography nor basic security concepts such as handshaking, TCP/IP, and so on are covered. For information about such topics, you are encouraged to seek out reference books from authors experienced in the field, and to consult reference material that is available on the Internet.

General approach

Regardless of which product is being built or whether a system is being integrated with a TrustCore SDK licensed binary (such as FIPS), we recommend taking a staged approach to the integration:

  1. Build the example code.
  2. Customize the example code or use it as a model for the application’s integration.