Changes

FIPS Operational Environment

440 bytes added, 00:35, 9 June 2006

no edit summary

Below we describe how to specify the set of roles that can access each component of the NSS module.

===Access to Stored Cryptographic Software and Cryptographic Programs===

When installing the NSS library files, the operator shall use the <code>chmod</code> utility to set the file mode bits of the NSS library files to '''0755''', making them readable, writable, and executable by the owner; and readable and executable by everyone. For example,

$ chmod 0755 libsoftokn3.so libfreebl3.so

-rwxr-xr-x 1 wtchang wtchang 1052734 Jun 8 17:07 libsoftokn3.so

===Access to Cryptographic Keys, CSPs, and Plaintext Data===~~The NSS module creates its database files with the '''0600''' permission bits, making them readable and writable by the owner only.~~

~~===Audit Data===~~Cryptographic keys, CSPs, and plaintext data are stored in the NSS databases. The NSS module creates its database files with the '''0600''' permission bits, making them readable and writable by the owner only. For example, $ ls -l *.db -rw------- 1 wtchang wtchang 65536 May 15 22:16 cert8.db -rw------- 1 wtchang wtchang 32768 May 15 22:16 key3.db -rw------- 1 wtchang wtchang 32768 May 15 22:15 secmod.db

===Access to Audit Data=== The NSS module uses the audit mechanism provided by the operating system ~~enforces that~~ to audit events, so the NSS audit data are stored in the system audit log. The system audit log can only be read or modified by the root user.

===Entry of Cryptographic Keys and CSPs===

'''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs.

Wtchang

Canmove, confirm

937

edits

Changes

FIPS Operational Environment

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools