canmove, Confirmed users
937
edits
FIPS Module Specification: Difference between revisions
→The Cryptographic Boundary
| Line 50: | Line 50: | ||
The NSS cryptographic module is a multiple-chip standalone cryptographic module. The physical boundary of the NSS cryptographic module is the enclosure of the general purpose computer it runs on, including any hardware or software that inputs, processes, or outputs important security parameters that could lead to the compromise of sensitive information if not properly controlled. | The NSS cryptographic module is a multiple-chip standalone cryptographic module. The physical boundary of the NSS cryptographic module is the enclosure of the general purpose computer it runs on, including any hardware or software that inputs, processes, or outputs important security parameters that could lead to the compromise of sensitive information if not properly controlled. | ||
The NSS cryptographic module implements the PKCS #11 (Cryptoki) API. The API itself defines the logical cryptographic boundary, thus all implementation is inside the boundary. The NSS cryptographic module has two modes of operation: non-FIPS Approved mode (the default) and FIPS Approved mode. The FIPS Approved mode is designed specifically for FIPS, and allows applications using the NSS cryptographic module to operate in a strictly FIPS mode. The diagram below shows the relationship of the layers. | The NSS cryptographic module implements the PKCS #11 (Cryptoki) API. The API itself defines the logical cryptographic boundary, thus all implementation is inside the boundary. The NSS cryptographic module has two modes of operation: non-FIPS Approved mode (the default) and FIPS Approved mode. The FIPS Approved mode is designed specifically for FIPS 140-2, and allows applications using the NSS cryptographic module to operate in a strictly FIPS mode. The diagram below shows the relationship of the layers. | ||
[[ Image:Fipsmod.png ]] | [[ Image:Fipsmod.png ]] | ||