| Line 19: | Line 19: | ||
===Access to Cryptographic Keys, CSPs, and Plaintext Data=== | ===Access to Cryptographic Keys, CSPs, and Plaintext Data=== | ||
Cryptographic keys, CSPs, and plaintext data are stored in the NSS databases. The NSS module creates its database files with the '''0600''' permission bits so that only the owner can read or modify the database files. For example, | Cryptographic keys, CSPs, and plaintext data are stored in the NSS databases. The NSS module creates its database files with the '''0600''' permission bits so that only the owner can read or modify the database files. (See the <code>dbopen()</code> calls in the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pcertdb.c.html#4135 <code>nsslowcert_OpenPermCertDB</code>], [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/keydb.c.dep.html#nsslowkey_OpenKeyDB <code>nsslowkey_OpenKeyDB</code>], and [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pk11db.c.dep.html#secmod_OpenDB <code>secmod_OpenDB</code>] functions.) For example, | ||
$ ls -l *.db | $ ls -l *.db | ||
-rw------- 1 wtchang wtchang 65536 May 15 22:16 cert8.db | -rw------- 1 wtchang wtchang 65536 May 15 22:16 cert8.db | ||
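Review bot: The three links in the added parenthetical on the '''0600''' sentence use inconsistent anchors. The <code>nsslowcert_OpenPermCertDB</code> link points at a line number (<code>pcertdb.c.html#4135</code>), while the other two point at function-name anchors in the <code>.c.dep.html</code> pages (<code>#nsslowkey_OpenKeyDB</code>, <code>#secmod_OpenDB</code>). A line-number anchor goes stale as soon as the source listing is regenerated, so the first link should use the same symbolic form as the others. The parenthetical would also be easier to verify if it said what to look for in those <code>dbopen()</code> calls, namely the permission mode argument, rather than leaving the reader to infer it from the <code>ls -l</code> example that follows.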