NSSCryptoModuleSpec/Section 7: Cryptographic Key Management: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
mNo edit summary
No edit summary
Line 13: Line 13:
Status
Status
|-
|-
| '''Specification of all aspects of key management;'''<br> key material, key generation, key distribution, key entry & output, key storage, key destruction, key archiving.||
| '''Specification of all aspects of key management;'''<br> key material, key generation, key establishment, key entry and output, key storage, and key zeroization.||
[http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]  <br>
[http://wiki.mozilla.org/VE_07#VE.07.01.01 VE.07.01.01 ]  <br>
[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]<br>
[http://wiki.mozilla.org/VE_07#VE.07.13.01 VE.07.13.01 ]<br>
Line 48: Line 48:
|| draft
|| draft
|-
|-
| '''Proof/affirmation that key distribution is FIPS approved''' -<br>Provide a validation certificate issued by a NIST-accredited laboratory or provide written affirmation that the key distribution technique is FIPS-approved.
| '''Proof/affirmation that key establishment is FIPS approved''' -<br>Provide documentation stating that the key establishment technique is FIPS-approved.
|| || (N/A)
|| [http://wiki.mozilla.org/VE_07#VE.07.17.01 VE.07.17.01 ]
|| The following FIPS Approved key establishment techniques listed in Annex D to FIPS PUB  140-2 are used: Diffie-Hellman (key agreement) and Key Wrapping using RSA keys.
|| draft
|| draft
|-
|-
Line 57: Line 58:
|| draft
|| draft
|-
|-
| '''Manually distributed secret keys'''
| '''Output of intermediate key generation values'''||
|| || (N/A)
[http://wiki.mozilla.org/VE_07#VE.07.15.01 VE.07.15.01 ]<br>
[http://wiki.mozilla.org/VE_07#VE.07.15.02 VE.07.15.02 ]
|| No intermediate key generation values are output from the cryptographic module upon completion of the key generation process.
|| draft
|| draft
|-
|-
| '''Manually distributed secret key procedures'''||
| '''Key generation methods employed by the cryptographic module'''||
[http://wiki.mozilla.org/VE_07#VE.07.15.01 VE.07.15.01 ]<br>
[http://wiki.mozilla.org/VE_07#VE.07.15.02 VE.07.15.02 ]<br>
[http://wiki.mozilla.org/VE_07#VE.07.16.01 VE.07.16.01 ]
[http://wiki.mozilla.org/VE_07#VE.07.16.01 VE.07.16.01 ]
|| (N/A)
|| (N/A)

Revision as of 22:58, 8 May 2006

This is a draft document

Document Description

DTR Section

Assessment

Status

Specification of all aspects of key management;
key material, key generation, key establishment, key entry and output, key storage, and key zeroization.

VE.07.01.01
VE.07.13.01
through
VE.07.17.01
VE.07.19.01
VE.07.24.01
VE.07.39.01
VE.07.40.01
VE.07.41.01
VE.07.42.01

Key Management draft
Description of key protection

VE.07.02.01
VE.07.03.01

Key Management draft
Proof of FIPS approved key generation -
Provide a validation certificate from a NIST- accredited laboratory.

VE.07.11.01

Key Generation draft
Random number generator description VE.07.09.01

VE.07.10.01
VE.07.12.01

RNG draft
Random number generator test VE.07.08.01 draft
Proof/affirmation that key establishment is FIPS approved -
Provide documentation stating that the key establishment technique is FIPS-approved. 		VE.07.17.01 The following FIPS Approved key establishment techniques listed in Annex D to FIPS PUB 140-2 are used: Diffie-Hellman (key agreement) and Key Wrapping using RSA keys. draft
Documentation of means to ensure entity association of stored keys

VE.07.13.01

Entity Association Assurance draft
Output of intermediate key generation values

VE.07.15.01
VE.07.15.02

No intermediate key generation values are output from the cryptographic module upon completion of the key generation process. draft
Key generation methods employed by the cryptographic module

VE.07.16.01

(N/A) draft
Key generation

VE.07.18.01
VE.07.21.01
VE.07.23.01
VE.07.25.01
VE.07.27.01
VE.07.28.01
VE.07.29.01

(N/A) draft

Return to: NSSCryptoModuleSpec

Retrieved from "https://wiki.allizom.org/index.php?title=NSSCryptoModuleSpec/Section_7:_Cryptographic_Key_Management&oldid=25316"