m (→PKCS #11) |
No edit summary |
||
Line 1: | Line 1: | ||
''This is a draft'' | ''This is a draft'' | ||
== | == Physical Ports == | ||
The NSS module is a software-only implementation. All keys, encrypted data, and control information are exchanged through calls to library functions (logical interfaces). The physical ports; physical covers, doors, or openings; manual controls; and physical status indicators of the NSS module would be those of the general purpose computer it runs on. | |||
== | == Logical Interfaces == | ||
The logical interfaces of the NSS module consist of the following APIs. | |||
=== PKCS #11=== | |||
This defines NSS's PKCS #11 (Cryptoki) implementation. The API itself is considered to define the top edge of the cryptographic boundary, i.e., all application and upper level library access to the FIPS module is through this API. | |||
Also included in this module is the FIPS PKCS #11 token and the crypto algorithm support library called freebl. The FIPS PKCS #11 token is a Cryptoki token designed specifically for FIPS, and allows applications using NSS to operate in a strictly FIPS mode. | |||
=== S/MIME=== | === S/MIME=== | ||
Interfaces for S/MIME version 3 and PKCS#7 secure mail. Not part of the cryptographic boundary. | Interfaces for S/MIME version 3 and PKCS #7 secure mail. Not part of the cryptographic boundary. | ||
=== SSL/TLS=== | === SSL/TLS=== | ||
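Review bot: The added PKCS #11 section says the FIPS PKCS #11 token and freebl are "included in this module" but never states outright that they sit inside the cryptographic boundary, while the S/MIME section states its status explicitly ("Not part of the cryptographic boundary."). Suggest an equally explicit sentence for the token and freebl, and using one term consistently where the text alternates between "the FIPS module", "this module" and "the NSS module". Smaller points in the same added text: "This defines" has no clear subject, "Also included in this module is the FIPS PKCS #11 token and ... freebl" needs "are", and "general purpose computer" should be "general-purpose computer".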
Line 24: | Line 29: | ||
=== PKCS #12=== | === PKCS #12=== | ||
Interface for PKCS #12, Personal Information Storage and Retrieval. Used to allow import/export of certificates and private keys in a secure manner. | Interface for PKCS #12, Personal Information Storage and Retrieval. Used to allow import/export of certificates and private keys in a secure manner. Not part of cryptographic boundary. | ||
=== CRMF=== | === CRMF=== |
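Review bot: The sentence added to the PKCS #12 section, "Not part of cryptographic boundary.", drops the article that the S/MIME section uses ("Not part of the cryptographic boundary."). Suggest the identical wording so the boundary statement reads the same in every interface section and can be searched for consistently.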