| The "NSA-Grade" part mostly comes from the application of AES-256 as a cipher, where specific configurations of AES were approved as "Suite B" (i.e. published algorithm) ciphers suitable for up to Top Secret information. From https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography The Suite B algorithms have been replaced by Commercial National Security Algorithm (CNSA) Suite algorithms: - Advanced Encryption Standard (AES), per FIPS 197, using 256 bit keys to protect up to TOP SECRET - Elliptic Curve Diffie-Hellman (ECDH) Key Exchange, per FIPS SP 800-56A, using Curve P-384 to protect up to TOP SECRET. - Elliptic Curve Digital Signature Algorithm (ECDSA), per FIPS 186-4
Secure Hash Algorithm (SHA), per FIPS 180-4, using SHA-384 to protect up to TOP SECRET. - Diffie-Hellman (DH) Key Exchange, per RFC 3526, minimum 3072-bit modulus to protect up to TOP SECRET - RSA for key establishment (NIST SP 800-56B rev 1) and digital signatures (FIPS 186-4), minimum 3072-bit modulus to protect up to TOP SECRET |