| Line 4: | Line 4: | ||
# Our private key and certificate databases are hash (DBM) indexed flat files (regular files). | # Our private key and certificate databases are hash (DBM) indexed flat files (regular files). | ||
# | # Private keys and secret keys are stored in the private key database. At Security Level 1, the operating system is restricted to a single operator mode of operation, which protects against unauthorized disclosure, modification, and substitution of the private keys and secret keys stored in the private key database. At Security Level 2, we use the discretionary access control mechanism of the operating system on the private key database to protect against unauthorized disclosure, modification, and substitution of the private keys and secret keys stored in the private key database. <div class=note>The private keys and secret keys stored in the private key database are password-encrypted using DES-EDE3 (Triple DES) to provide additional protection against unauthorized disclosure, modification, and substitution. The password-based encryption is considered by FIPS as in plaintext form.</div> When the private keys and secret keys reside in memory, they are protected by the OS. | ||
# | # Public keys are stored in two ways. | ||
## Public keys in public/private key pairs (owned by the operator) are stored as attributes of the associated private keys in the private key database. | |||
## X.509 v3 certificates containing public keys are stored DER encoded in the certificate database. The certificates are not encrypted, but are digitally signed by the Certification Authority (CA) that created them. | |||
# PKCS #12 (or previously known as PFX) defines a protocol for wrapping (encrypting) and unwrapping (decrypting) private key material and related certificates for import/export. | # PKCS #12 (or previously known as PFX) defines a protocol for wrapping (encrypting) and unwrapping (decrypting) private key material and related certificates for import/export. | ||
# The exported private key is encrypted with a DES-EDE3 (Triple DES) key derived from a user provided password -- see PKCS #5 below. | # The exported private key is encrypted with a DES-EDE3 (Triple DES) key derived from a user provided password -- see PKCS #5 below. | ||
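Review bot: In the new private-key item, the note claims that DES-EDE3 password encryption gives additional protection against "disclosure, modification, and substitution", but the text names no integrity mechanism (a MAC or signature over the key database entries), and encryption by itself only addresses disclosure. Either state what detects a modified or substituted entry, or limit the claim in the note to disclosure. The same note then says FIPS treats password-based encryption as plaintext form, so it would help to say explicitly that the Level 1 and Level 2 claims rest on the operating system controls described earlier in the item and not on the encryption. Two smaller points: the phrase "the private keys and secret keys stored in the private key database" appears four times in one item and could be shortened after its first use, and the `<div class=note>` sits in the middle of a `#` list item with an unquoted attribute, which is worth checking in the rendered list numbering.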