VE 07KeyMgmt: Difference between revisions

Line 8: Line 8:
## Public keys in public/private key pairs (owned by the operator) are stored as attributes of the associated private keys in the private key database.
## X.509 v3 certificates containing public keys are stored DER encoded in the certificate database. The certificates are not encrypted, but are digitally signed by the Certification Authority (CA) that created them.
## At Security Level 1, the operating system is restricted to a single operator mode of operation, which protects against unauthorized modification and substitution of the public keys and certificates stored in the private key and certificate databases. At Security Level 2, we use the discretionary access control mechanism of the operating system on the private key and certificate databases to protect against unauthorized modification and substitution of the public keys and certificates stored in the private key and certificate databases.
# PKCS #12 (previously known as PFX) defines a protocol for wrapping (encrypting) and unwrapping (decrypting) private key material and related certificates for import/export.
# The exported private key is encrypted with a DES-EDE3 (Triple DES) key derived from a user-provided password -- see PKCS #5 below.