198
edits
NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions
NSSCryptoModuleSpec/Section 7: Cryptographic Key Management (view source)
Revision as of 01:14, 22 February 2006
, 22 February 2006no edit summary
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
Status | Status | ||
|- | |- | ||
| Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving - 1.Key material: key types , function, format and how protected; 2. Key generation: generation process, types, & if generation algorithm is FIPS-approved; 3. Key distribution: technique, types distributed, if technique is FIPS-approved; 4. Key entry and output: use of manual or electronic entry/output, types of keys, procedures, and form (plaintext, encrypted, split knowledge) entered or output; 5. Key storage: types stored, where, and in what form; 6. Key destruction: technique, key types zeroized and why, security parameters zeroized and why, restrictions on when module can be zeroized; 7.Key archiving: technique, types archived, and whether encrypted for archiving|| [http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ] | | '''Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving''' - 1.Key material: key types , function, format and how protected; 2. Key generation: generation process, types, & if generation algorithm is FIPS-approved; 3. Key distribution: technique, types distributed, if technique is FIPS-approved; 4. Key entry and output: use of manual or electronic entry/output, types of keys, procedures, and form (plaintext, encrypted, split knowledge) entered or output; 5. Key storage: types stored, where, and in what form; 6. Key destruction: technique, key types zeroized and why, security parameters zeroized and why, restrictions on when module can be zeroized; 7.Key archiving: technique, types archived, and whether encrypted for archiving|| [http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ] | ||
[http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ] | [http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ] | ||
thru | thru | ||
| Line 20: | Line 20: | ||
|| || | || || | ||
|- | |- | ||
| Description of key protection - Describe protection of all secret and/or private keys from unauthorized disclosure, modification and substitution. Describe protection of all public keys from unauthorized modification and substitution.|| | | '''Description of key protection''' - Describe protection of all secret and/or private keys from unauthorized disclosure, modification and substitution. Describe protection of all public keys from unauthorized modification and substitution.|| | ||
[http://wiki.mozilla.org/VE_07#VE.07.02.01 VE.07.02.01 ] | [http://wiki.mozilla.org/VE_07#VE.07.02.01 VE.07.02.01 ] | ||
[http://wiki.mozilla.org/VE_07#VE.07.03.01 VE.07.03.01 ] | [http://wiki.mozilla.org/VE_07#VE.07.03.01 VE.07.03.01 ] | ||
|| || | || || | ||
|- | |- | ||
| Proof of FIPS approved key generation - Provide a validation certificate from a NIST- accredited laboratory.|| || || | | '''Proof of FIPS approved key generation''' - Provide a validation certificate from a NIST- accredited laboratory.|| || || | ||
|- | |- | ||
| Random number generator test - Provide 20, 000 consecutive bits from the random number generator for statistical testing per section 4.11 of FIPS PUB 140-1.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || || | | '''Random number generator test''' - Provide 20, 000 consecutive bits from the random number generator for statistical testing per section 4.11 of FIPS PUB 140-1.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || || | ||
|- | |- | ||
| Proof/affirmation that key distribution is FIPS approved - Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || || | | '''Proof/affirmation that key distribution is FIPS approved''' - Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || || | ||
|- | |- | ||
| | | '''Documentation of means to ensure entity association of stored keys''' - Describe the mechanisms or procedures used to ensure that each key will be associated with the correct entity (i.e. person, group or process) to which the keys will be assigned.|| | ||
| | [http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ] | ||
|| || | |||
|- | |- | ||
| || | | '''Manually distributed secret keys''' - Indicate the form in which the keys are entered or output (plaintext, split knowledge procedures, encrypted form) | ||
|| || || | |||
|- | |- | ||
| || [http://wiki.mozilla.org/VE_07#VE.07.16.01 VE.07.16.01 ] || || | | '''Manually distributed secret key procedures''' - Indicate the form in which the keys are entered or output (using split knowledge procedures, encrypted form) If split knowledge procedures, specify separate operator auentication for each key component.|| | ||
[http://wiki.mozilla.org/VE_07#VE.07.15.01 VE.07.15.01 ] | |||
[http://wiki.mozilla.org/VE_07#VE.07.15.02 VE.07.15.02 ] | |||
[http://wiki.mozilla.org/VE_07#VE.07.16.01 VE.07.16.01 ] | |||
|| (N/A) || | |||
|- | |- | ||
| || [http://wiki.mozilla.org/VE_07#VE.07.18.01 VE.07.18.01 ] || (N/A) || | | || [http://wiki.mozilla.org/VE_07#VE.07.18.01 VE.07.18.01 ] || (N/A) || | ||