NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions

Revision as of 01:17, 1 March 2006

This is a draft document


Document Description	DTR Section	Assessment
Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving	VE.07.01.01 VE.07.13.01 thru VE.07.17.01 VE.07.19.01 VE.07.24.01 VE.07.39.01 VE.07.40.01 VE.07.41.01 VE.07.42.01	Key Management
Description of key protection	VE.07.02.01 VE.07.03.01	Key Management
Proof of FIPS approved key generation - Provide a validation certificate from a NIST- accredited laboratory.	VE.07.11.01	Key Generation
Random number generator description	VE.07.09.01 VE.07.10.01 VE.07.12.01	RNG
Random number generator test	VE.07.08.01
Proof/affirmation that key distribution is FIPS approved - Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.		(N/A)
Documentation of means to ensure entity association of stored keys	VE.07.13.01	Entity Association Assurance
Manually distributed secret keys		(N/A)
Manually distributed secret key procedures	VE.07.15.01 VE.07.15.02 VE.07.16.01	(N/A)
Key generation	VE.07.18.01 VE.07.21.01 VE.07.23.01 VE.07.25.01 VE.07.27.01 VE.07.28.01 VE.07.29.01	(N/A)

Return to: NSSCryptoModuleSpec

@@ Line 13: / Line 13: @@
 Status
 |-
-| '''Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving''' - 1.Key material: key types , function, format and how protected; 2. Key generation: generation process, types, & if generation algorithm is FIPS-approved; 3. Key distribution: technique, types distributed, if technique is FIPS-approved; 4. Key entry and output: use of manual or electronic entry/output, types of keys, procedures, and form (plaintext, encrypted, split knowledge) entered or output; 5. Key storage: types stored, where, and in what form; 6. Key destruction: technique, key types zeroized and why, security parameters zeroized and why, restrictions on when module can be zeroized; 7.Key archiving: technique, types archived, and whether encrypted for archiving|| [http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]
+| '''Specification of all aspects of key management; key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving'''||
-[http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]
-thru
+[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]
+ thru
 [http://wiki.mozilla.org/VE_07#VE.07.17.01 VE.07.17.01 ]
 [http://wiki.mozilla.org/VE_07#VE.07.19.01 VE.07.19.01 ]
@@ Line 22: / Line 23: @@
 [http://wiki.mozilla.org/VE_07#VE.07.40.01 VE.07.40.01 ]
 [http://wiki.mozilla.org/VE_07#VE.07.41.01 VE.07.41.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.42.01 VE.07.42.01 ]
 || [http://wiki.mozilla.org/VE_07KeyMgmt Key Management]||
 |-
-| '''Description of key protection''' - Describe protection of all secret and/or private keys from unauthorized disclosure, modification and substitution. Describe protection of all public keys from unauthorized modification and substitution.||
+| '''Description of key protection'''||
 [http://wiki.mozilla.org/VE_07#VE.07.02.01 VE.07.02.01 ]
 [http://wiki.mozilla.org/VE_07#VE.07.03.01 VE.07.03.01 ]
@@ Line 33: / Line 35: @@
 || [http://wiki.mozilla.org/VE_07KeyMgmt Key Generation]||
 |-
-| '''Random number generator test''' - Provide 20, 000 consecutive bits from the random number generator for statistical testing per section 4.11 of FIPS PUB 140-1.|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ] || ||
+| '''Random number generator description'''|| [http://wiki.mozilla.org/VE_07#VE.07.09.01 VE.07.09.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.10.01 VE.07.10.01 ]
+[http://wiki.mozilla.org/VE_07#VE.07.12.01 VE.07.12.01 ]
+|| [http://wiki.mozilla.org/VE_07KeyMgmt RNG]||
+|-
+| '''Random number generator test'''|| [http://wiki.mozilla.org/VE_07#VE.07.08.01 VE.07.08.01 ]
+|| ||
 |-
 | '''Proof/affirmation that key distribution is FIPS approved''' - Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.
 || || (N/A) ||
 |-
-| '''Documentation of means to ensure entity association of stored keys''' - Describe the mechanisms or procedures used to ensure that each key will be associated with the correct entity (i.e. person, group or process) to which the keys will be assigned.||
+| '''Documentation of means to ensure entity association of stored keys'''||
 [http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]
 || [http://wiki.mozilla.org/VE_07KeyMgmt Entity Association Assurance]||
 |-
-| '''Manually distributed secret keys''' - Indicate the form in which the keys are entered or output (plaintext, split knowledge procedures, encrypted form)
+| '''Manually distributed secret keys'''
 || || (N/A) ||
 |-
-| '''Manually distributed secret key procedures''' - Indicate the form in which the keys are entered or output (using split knowledge procedures, encrypted form) If split knowledge procedures, specify separate operator auentication for each key component.||
+| '''Manually distributed secret key procedures'''||
 [http://wiki.mozilla.org/VE_07#VE.07.15.01 VE.07.15.01 ]
 [http://wiki.mozilla.org/VE_07#VE.07.15.02 VE.07.15.02 ]
@@ Line 51: / Line 59: @@
 || (N/A)  ||
 |-
-| ||
+| '''Key generation'''||
 [http://wiki.mozilla.org/VE_07#VE.07.18.01 VE.07.18.01 ]
 [http://wiki.mozilla.org/VE_07#VE.07.21.01 VE.07.21.01 ]

NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions

Revision as of 01:17, 1 March 2006

Navigation menu

Search