NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions

Latest revision as of 12:03, 11 May 2015

This is a draft document


Document Description	DTR Section	Assessment	Status
Specification of all aspects of key management; key generation, key establishment, key entry and output, key storage, and key zeroization.	VE.07.03.01 VE.07.13.01 through VE.07.17.01 VE.07.19.01 VE.07.24.01 VE.07.39.01 VE.07.40.01 VE.07.41.01	Key Management Key Zeroization	draft
Description of key protection	VE.07.01.01 VE.07.02.01	Key Management	draft
Proof of FIPS approved key generation	VE.07.11.01	Key Generation	draft
Security of key generation method	VE.07.13.01	Key Generation	draft
Random number generator description	VE.07.08.01 VE.07.09.01 VE.07.10.01	RNG	draft
Documentation of means to ensure entity association of stored keys	VE.07.39.01	Entity Association Assurance	draft
Output of intermediate key generation values	VE.07.15.01 VE.07.15.02	No intermediate key generation values are output from the cryptographic module upon completion of the key generation process.	draft
Key generation methods employed by the cryptographic module	VE.07.16.01	Key Generation	draft
Key establishment	VE.07.17.01 VE.07.18.01 VE.07.19.01 VE.07.21.01	Key Establishment Techniques	draft
Key entry and output methods	VE.07.23.01 VE.07.24.01 VE.07.27.01 VE.07.28.01 VE.07.29.01	Key Entry and Output Methods	draft
Documentation of means to ensure entity association of entered or output keys	VE.07.25.01	Entity Association Assurance	draft
Manual key entry test	VE.09.40.01 VE.09.40.02	N/A. Manual key entry and output methods are not employed by the cryptographic module.	draft

Return to: NSSCryptoModuleSpec

@@ Line 1: / Line 1: @@
+''This is a draft document''
 {| border="1" cellpadding="2"
 |+
@@ Line 5: / Line 6: @@
 Document Description
 !
-  DTR
+DTR
 Section
 !
@@ Line 12: / Line 13: @@
 Status
 |-
-| '''Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving''' - 1.Key material: key types , function, format and how protected; 2. Key generation: generation process, types, & if generation algorithm is FIPS-approved; 3. Key distribution: technique, types distributed, if technique is FIPS-approved; 4. Key entry and output: use of manual or electronic entry/output, types of keys, procedures, and form (plaintext, encrypted, split knowledge) entered or output; 5. Key storage: types stored, where, and in what form; 6. Key destruction: technique, key types zeroized and why, security parameters zeroized and why, restrictions on when module can be zeroized; 7.Key archiving: technique, types archived, and whether encrypted for archiving|| [http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]
+| '''Specification of all aspects of key management;'''<br> key generation, key establishment, key entry and output, key storage, and key zeroization.||
-[http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.03.01 VE.07.03.01 ]  <br>
-thru
+[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]<br>
-[http://wiki.mozilla.org/VE_07#VE.07.11.01 VE.07.11.01 ]
+through<br>
-[http://wiki.mozilla.org/VE_07#VE.07.17.01 VE.07.17.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.17.01 VE.07.17.01 ]<br>
-[http://wiki.mozilla.org/VE_07#VE.07.19.01 VE.07.19.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.19.01 VE.07.19.01 ]<br>
-|| [http://wiki.mozilla.org/VE_07KeyMgmt Key Management]||
+[http://wiki.mozilla.org/VE_07#VE.07.24.01 VE.07.24.01 ]<br>
+[http://wiki.mozilla.org/VE_07#VE.07.39.01 VE.07.39.01 ]<br>
+[http://wiki.mozilla.org/VE_07#VE.07.40.01 VE.07.40.01 ]<br>
+[http://wiki.mozilla.org/VE_07#VE.07.41.01 VE.07.41.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt Key Management]<br> [http://wiki.mozilla.org/VE_07KeyMgmt#Key_Zeroization Key Zeroization]
+|| draft
 |-
-| '''Description of key protection''' - Describe protection of all secret and/or private keys from unauthorized disclosure, modification and substitution. Describe protection of all public keys from unauthorized modification and substitution.||
+| '''Description of key protection'''||
+[http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]<br>
 [http://wiki.mozilla.org/VE_07#VE.07.02.01 VE.07.02.01 ]
-[http://wiki.mozilla.org/VE_07#VE.07.03.01 VE.07.03.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt Key Management]
-|| ||
+|| draft
 |-
-| '''Proof of FIPS approved key generation''' - Provide a validation certificate from a NIST- accredited laboratory.|| || ||
+| '''Proof of FIPS approved key generation'''||
+[http://wiki.mozilla.org/VE_07#VE.07.11.01 VE.07.11.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Key_Generation Key Generation]
+|| draft
 |-
-| '''Random number generator test''' - Provide 20, 000 consecutive bits from the random number generator for statistical testing per section 4.11 of FIPS PUB 140-1.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || ||
+| '''Security of key generation method'''||
+[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Key_Generation Key Generation]
+|| draft
 |-
-| '''Proof/affirmation that key distribution is FIPS approved''' - Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || ||
+| '''Random number generator description'''|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.10.01 VE.07.10.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Random_Number_Generator RNG]
+|| draft
 |-
-| '''Documentation of means to ensure entity association of stored keys''' - Describe the mechanisms or procedures used to ensure that each key will be associated with the correct entity (i.e. person, group or process) to which the keys will be assigned.||
+| '''Documentation of means to ensure entity association of stored keys'''||
-[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.39.01 VE.07.39.01 ]
-|| ||
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Entity_Association_Assurance Entity Association Assurance]
+|| draft
 |-
-| '''Manually distributed secret keys''' - Indicate the form in which the keys are entered or output (plaintext, split knowledge procedures, encrypted form)
+| '''Output of intermediate key generation values'''||
-|| || ||
+[http://wiki.mozilla.org/VE_07#VE.07.15.01 VE.07.15.01 ]<br>
+[http://wiki.mozilla.org/VE_07#VE.07.15.02 VE.07.15.02 ]
+|| No intermediate key generation values are output from the cryptographic module upon completion of the key generation process.
+|| draft
 |-
-| '''Manually distributed secret key procedures''' - Indicate the form in which the keys are entered or output (using split knowledge procedures, encrypted form) If split knowledge procedures, specify separate operator auentication for each key component.||
+| '''Key generation methods employed by the cryptographic module'''||
-[http://wiki.mozilla.org/VE_07#VE.07.15.01 VE.07.15.01 ]
-[http://wiki.mozilla.org/VE_07#VE.07.15.02 VE.07.15.02 ]
 [http://wiki.mozilla.org/VE_07#VE.07.16.01 VE.07.16.01 ]
-|| (N/A)  ||
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Key_Generation Key Generation]
-|-
+|| draft
-| || [http://wiki.mozilla.org/VE_07#VE.07.18.01 VE.07.18.01 ] || (N/A) ||
-|-
-| || [http://wiki.mozilla.org/VE_07#VE.07.21.01 VE.07.21.01 ] || ||
-|-
-| || [http://wiki.mozilla.org/VE_07#VE.07.23.01 VE.07.23.01 ] || (N/A) ||
-|-
-| || [http://wiki.mozilla.org/VE_07#VE.07.24.01 VE.07.24.01 ] || ||
-|-
-| || [http://wiki.mozilla.org/VE_07#VE.07.25.01 VE.07.25.01 ] || ||
-|-
-| || [http://wiki.mozilla.org/VE_07#VE.07.27.01 VE.07.27.01 ] || (N/A) ||
 |-
-| || [http://wiki.mozilla.org/VE_07#VE.07.28.01 VE.07.28.01 ] || ||
+| '''Key establishment'''
+|| [http://wiki.mozilla.org/VE_07#VE.07.17.01 VE.07.17.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.18.01 VE.07.18.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.19.01 VE.07.19.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.21.01 VE.07.21.01 ]<br>
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Key_Establishment_Techniques Key Establishment Techniques]
+|| draft
 |-
-| || [http://wiki.mozilla.org/VE_07#VE.07.29.01 VE.07.29.01 ] || ||
+| '''Key entry and output methods'''||
+[http://wiki.mozilla.org/VE_07#VE.07.23.01 VE.07.23.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.24.01 VE.07.24.01 ]<br>
+[http://wiki.mozilla.org/VE_07#VE.07.27.01 VE.07.27.01 ]<br>
+[http://wiki.mozilla.org/VE_07#VE.07.28.01 VE.07.28.01 ]<br> [http://wiki.mozilla.org/VE_07#VE.07.29.01 VE.07.29.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Key_Entry_and_Output_Methods Key Entry and Output Methods]
+|| draft
 |-
-| || [http://wiki.mozilla.org/VE_07#VE.07.39.01 VE.07.39.01 ] || ||
+| '''Documentation of means to ensure entity association of entered or output keys'''||
+[http://wiki.mozilla.org/VE_07#VE.07.25.01 VE.07.25.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt#Entity_Association_Assurance Entity Association Assurance]
+|| draft
 |-
-| || [http://wiki.mozilla.org/VE_07#VE.07.40.01 VE.07.40.01 ] || ||
+| '''Manual key entry test'''||
+[http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ]<br>
+[http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ]
+|| N/A. Manual key entry and output methods are not employed by the cryptographic module.
+|| draft
 |-
-| || [http://wiki.mozilla.org/VE_07#VE.07.41.01 VE.07.41.01 ] || ||
 |}
 Return to: [[NSSCryptoModuleSpec]]

NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions

Latest revision as of 12:03, 11 May 2015

Navigation menu

Search