| Line 24: | Line 24: | ||
#* TLS master secret (used in the generation of symmetric cipher keys, IVs, and MAC keys for TLS) | #* TLS master secret (used in the generation of symmetric cipher keys, IVs, and MAC keys for TLS) | ||
#* authentication data (passwords). | #* authentication data (passwords). | ||
# The 1024-bit DSA public keys for the software/firmware integrity test are stored along with the DSA signatures in the .chk files for the softoken (PKCS #11) and freebl shared libraries/DLLs. The DSA domain parameters (prime p, subprime q, base g) and public key (y) are stored in a straight binary format (i.e., not DER encoded). | # The NSS cryptographic module uses the following cryptographic keys internally. These keys are not visible to the operator. | ||
#* The Triple DES key derived from the user's password, used to encrypt the secret keys and private keys stored in the private key database. | |||
#* The 1024-bit DSA public keys for the software/firmware integrity test are stored along with the DSA signatures in the .chk files for the softoken (PKCS #11) and freebl shared libraries/DLLs. The DSA domain parameters (prime p, subprime q, base g) and public key (y) are stored in a straight binary format (i.e., not DER encoded). | |||
# PKCS #12 (or previously known as PFX) defines a protocol for wrapping (encrypting) and unwrapping (decrypting) private key material and related certificates for import/export. | # PKCS #12 (or previously known as PFX) defines a protocol for wrapping (encrypting) and unwrapping (decrypting) private key material and related certificates for import/export. | ||
# The exported private key is encrypted with a DES-EDE3 (Triple DES) key derived from a user provided password -- see PKCS #5 below. | # The exported private key is encrypted with a DES-EDE3 (Triple DES) key derived from a user provided password -- see PKCS #5 below. | ||
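Review bot: The new parent item states that these keys "are not visible to the operator", but the second sub-item describes DSA public keys stored in the .chk files alongside the softoken and freebl shared libraries, which are files on disk. Consider saying in what sense they are not visible, for example that they are not exposed through the module's interfaces. The Triple DES sub-item would also benefit from naming how the key is derived from the user's password, as the PKCS #12 item below does by pointing to PKCS #5, and from stating whether the derived key is ever stored.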