FIPS Module Specification: Difference between revisions

Jump to navigation Jump to search

FIPS Module Specification (view source)

Revision as of 22:27, 12 July 2006

45 bytes added ,  12 July 2006
→‎The Cryptographic Boundary
Line 53: Line 53:
The NSS cryptographic module is a multiple-chip standalone cryptographic module. The physical boundary of the NSS cryptographic module is the enclosure of the general purpose computer it runs on, including any hardware or software that inputs, processes, or outputs important security parameters that could lead to the compromise of sensitive information if not properly controlled.
The NSS cryptographic module is a multiple-chip standalone cryptographic module. The physical boundary of the NSS cryptographic module is the enclosure of the general purpose computer it runs on, including any hardware or software that inputs, processes, or outputs important security parameters that could lead to the compromise of sensitive information if not properly controlled.


The NSS cryptographic module implements the PKCS #11 (Cryptoki) API. The API itself defines the logical cryptographic boundary, thus all implementation is inside the boundary. The NSS cryptographic module has two modes of operation: non-FIPS mode (the default) and FIPS mode. <div class=note>The non-FIPS mode is implemented with a pair of PKCS #11 tokens, and the FIPS mode is implemented with the FIPS PKCS #11 token.</div> The FIPS mode is designed specifically for FIPS, and allows applications using the NSS cryptographic module to operate in a strictly FIPS mode. The diagram below shows the relationship of the layers.
The NSS cryptographic module implements the PKCS #11 (Cryptoki) API. The API itself defines the logical cryptographic boundary, thus all implementation is inside the boundary. The NSS cryptographic module has two modes of operation: non-FIPS Approved mode (the default) and FIPS Approved mode. <div class=note>The non-FIPS Approved mode is implemented with a pair of PKCS #11 tokens, and the FIPS Approved mode is implemented with the FIPS PKCS #11 token.</div> The FIPS Approved mode is designed specifically for FIPS, and allows applications using the NSS cryptographic module to operate in a strictly FIPS mode. The diagram below shows the relationship of the layers.


[[ Image:Fipsmod.png ]]
[[ Image:Fipsmod.png ]]
Wtchang
canmove, Confirmed users
937

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/29208"

Navigation menu