canmove, Confirmed users
937
edits
FIPS Operational Environment: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
|||
| Line 9: | Line 9: | ||
Below we describe how to specify the set of roles that can access each component of the NSS module. | Below we describe how to specify the set of roles that can access each component of the NSS module. | ||
===Stored Cryptographic Software and Cryptographic Programs=== | ===Access to Stored Cryptographic Software and Cryptographic Programs=== | ||
When installing the NSS library files, the operator shall use the <code>chmod</code> utility to set the file mode bits of the NSS library files to '''0755''', making them readable, writable, and executable by the owner; and readable and executable by everyone. For example, | When installing the NSS library files, the operator shall use the <code>chmod</code> utility to set the file mode bits of the NSS library files to '''0755''', making them readable, writable, and executable by the owner; and readable and executable by everyone. For example, | ||
$ chmod 0755 libsoftokn3.so libfreebl3.so | $ chmod 0755 libsoftokn3.so libfreebl3.so | ||
| Line 17: | Line 17: | ||
-rwxr-xr-x 1 wtchang wtchang 1052734 Jun 8 17:07 libsoftokn3.so | -rwxr-xr-x 1 wtchang wtchang 1052734 Jun 8 17:07 libsoftokn3.so | ||
===Cryptographic Keys, CSPs, and Plaintext Data=== | ===Access to Cryptographic Keys, CSPs, and Plaintext Data=== | ||
Cryptographic keys, CSPs, and plaintext data are stored in the NSS databases. The NSS module creates its database files with the '''0600''' permission bits, making them readable and writable by the owner only. For example, | |||
$ ls -l *.db | |||
-rw------- 1 wtchang wtchang 65536 May 15 22:16 cert8.db | |||
-rw------- 1 wtchang wtchang 32768 May 15 22:16 key3.db | |||
-rw------- 1 wtchang wtchang 32768 May 15 22:15 secmod.db | |||
The operating system | ===Access to Audit Data=== | ||
The NSS module uses the audit mechanism provided by the operating system to audit events, so the NSS audit data are stored in the system audit log. The system audit log can only be read or modified by the root user. | |||
===Entry of Cryptographic Keys and CSPs=== | ===Entry of Cryptographic Keys and CSPs=== | ||
'''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs. | '''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs. | ||