NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions

  DTR  

| '''Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving''' - 1.Key material: key types , function, format and how protected; 2. Key generation: generation process, types, & if generation algorithm is FIPS-approved; 3. Key distribution: technique, types distributed, if technique is FIPS-approved; 4. Key entry and output: use of manual or electronic entry/output, types of keys, procedures, and form (plaintext, encrypted, split knowledge) entered or output; 5. Key storage: types stored, where, and in what form; 6. Key destruction: technique, key types zeroized and why, security parameters zeroized and why, restrictions on when module can be zeroized; 7.Key archiving: technique, types archived, and whether encrypted for archiving|| [http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]

[http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ]

[http://wiki.mozilla.org/VE_07#VE.07.11.01 VE.07.11.01 ]

[http://wiki.mozilla.org/VE_07#VE.07.17.01 VE.07.17.01 ]

[http://wiki.mozilla.org/VE_07#VE.07.19.01 VE.07.19.01 ]

|| [http://wiki.mozilla.org/VE_07KeyMgmt Key Management]||

| '''Description of key protection''' - Describe protection of all secret and/or private keys from unauthorized disclosure, modification and substitution. Describe protection of all public keys from unauthorized modification and substitution.||

[http://wiki.mozilla.org/VE_07#VE.07.03.01 VE.07.03.01 ]

|| ||

| '''Proof of FIPS approved key generation''' - Provide a validation certificate from a NIST- accredited laboratory.|| || ||

| '''Random number generator test''' - Provide 20, 000 consecutive bits from the random number generator for statistical testing per section 4.11 of FIPS PUB 140-1.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || ||

| '''Proof/affirmation that key distribution is FIPS approved''' - Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || ||

| '''Documentation of means to ensure entity association of stored keys''' - Describe the mechanisms or procedures used to ensure that each key will be associated with the correct entity (i.e. person, group or process) to which the keys will be assigned.||

[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]

|| ||

| '''Manually distributed secret keys''' - Indicate the form in which the keys are entered or output (plaintext, split knowledge procedures, encrypted form)

|| || ||

| '''Manually distributed secret key procedures''' - Indicate the form in which the keys are entered or output (using split knowledge procedures, encrypted form) If split knowledge procedures, specify separate operator auentication for each key component.||

| || [http://wiki.mozilla.org/VE_07#VE.07.25.01 VE.07.25.01 ] || ||

| || [http://wiki.mozilla.org/VE_07#VE.07.27.01 VE.07.27.01 ] || (N/A) ||

| || [http://wiki.mozilla.org/VE_07#VE.07.28.01 VE.07.28.01 ] || ||

| || [http://wiki.mozilla.org/VE_07#VE.07.29.01 VE.07.29.01 ] || ||

| || [http://wiki.mozilla.org/VE_07#VE.07.39.01 VE.07.39.01 ] || ||

| || [http://wiki.mozilla.org/VE_07#VE.07.40.01 VE.07.40.01 ] || ||