FIPS Module Specification: Difference between revisions

FIPS Module Specification (view source)

Revision as of 00:12, 13 July 2006

762 bytes removed , 13 July 2006

→‎Module Components

Wtchang

canmove, Confirmed users

937

edits

@@ Line 14: / Line 14: @@
 |-
 !
-Cryptographic
+NSS Cryptographic
 Module Components
 !
@@ Line 28: / Line 28: @@
 <div class=note>'''Note''': Filename extensions depend upon the target operating environment. For some CPUs libfreebl3 is distributed in more than one variant. The optimal version is selected at run time.</div>
-The database code of the NSS cryptographic module (Berkeley DB 1.85, in mozilla/dbm and mozilla/security/nss/lib/softoken/dbmshim.c) is excluded from the security requirements of FIPS 140-2.
+The NSS cryptographic module depends on the following libraries outside the cryptographic boundary. They provide platform abstraction and utility functions.
-<div class=note>'''Rationale''': The security-related information stored in the databases is either encrypted (e.g., secret and private cryptographic keys) or digitally signed (e.g., certificates and CRLs). If the database code is malfunctioning or misused, the PKCS #5 password-based encryption of the secret and private cryptographic keys will ensure their confidentiality and detect data corruption or malicious changes, and the digital signatures on the public data (certificates and CRLs) will detect data corruption or malicious changes. Therefore, the malfunction or misuse of the database code cannot cause a compromise under any reasonable condition.</div>
-The NSS module depends on the following libraries outside the cryptographic boundary.
 {| border="1" cellpadding="2"
@@ Line 37: / Line 34: @@
 |-
 !
-NSS Dependencies
+NSS Cryptographic Module Dependencies
 !
 Library

FIPS Module Specification: Difference between revisions

FIPS Module Specification (view source)

Revision as of 00:12, 13 July 2006

Navigation menu

Search