Compatibility
The Lexmark PrintCryption Card provides support for the Advanced Encryption Standard (Rijndael algorithm) to meet FIPS-197 requirements. The printer must be connected to the TCP/IP network using the standard Ethernet connection in the network printer models. Unique TCP/IP port numbers are used for the encrypted print information. The card decrypts and prints the information appropriate for the port: Port 9150 – persistent key management and control for RSA public and private key pairs; Port 9151 – used for data encrypted with an AES persistent key; Port 9152 – used for data encrypted with an AES session key.
Standards Requirements
Federal Information Processing Standard (FIPS-197) for the Advanced Encryption Standard: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf This standard specifies Rijndael as an FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. Questions and Answers on this Standard can be found at this URL: http://csrc.nist.gov/encryption/aes/round2/aesfact.html Firmware and software in this product utilize a FIPS.140 certified library.
Information about keys:
This product uses only confidentiality keys. It does not use signature or authentication keys. The confidentiality keys used do not incorporate any provisions for key escrow or key recovery. There are no backdoors or other provisions for exceptional access to the data being encrypted. The AES specifies three key sizes: 128, 192 and 256 bits. In decimal terms, this means that for each, there are approximately: 3.4 x 10^38 possible 128-bit keys; 6.2 x 10^57 possible 192-bit keys; 1.1 x 10^77 possible 256-bit keys. In comparison, NIST's Data Encryption Standard (DES) keys are 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are on the order of 10^21 times more AES 128-bit keys than DES 56-bit keys. DES was a U.S. Government standard for approximately twenty years before it was able to be "cracked" by massive parallel network computer attacks and special-purpose "DES-cracking" hardware. The AES supports significantly larger key sizes than the DES. Barring any attacks against AES that are faster than key exhaustion, then even with future advances in technology, AES has the potential to remain secure for more than twenty years.
Export Restrictions:
These products have been classified by the US Bureau of Industry and Security under ECCN 5D002 (c.1) as retail encryption items (commodities, technology or software) exportable to certain countries under License Exception ENC, Section 740.17 (b) (3) of the Export Administration Regulations. These products are subject to U.S. export control laws and may be subject to export or import regulations in other countries. Licenses and approvals to export, re-export, or import this product may be required after delivery. These products may not be exported or re-exported to any countries (or any nationals of such countries) that support international terrorism, including, but not limited to, Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. These products may not be exported for use in the design, development, production or use of nuclear, biological or chemical weapons.