VE 07KeyMgmt: Difference between revisions

161 bytes removed ,  21 August 2006
Line 114: Line 114:
=Key Zeroization=
=Key Zeroization=


The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a secret or private key or password. In summary, secret and private keys are always stored in encrypted form. Any key material that has been unwrapped (decrypted) for use is zeroized once the use is complete. The function used to zeroize memory used by private key material is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>:
The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a plaintext secret key, private key, or password. The function used to zeroize memory used by plaintext secret and private keys and passwords is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>:
   #define PORT_Memset    memset
   #define PORT_Memset    memset
If the memory used by private key material is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory:
If the memory is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory:
   void
   void
   PORT_ZFree(void *ptr, size_t len)
   PORT_ZFree(void *ptr, size_t len)
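Review bot: The revised opening paragraph drops the statement of when zeroization happens ("Any key material that has been unwrapped (decrypted) for use is zeroized once the use is complete"), so the new text names the function used but no longer says at what point plaintext key material is cleared. Suggest keeping a sentence on timing alongside the new "plaintext secret key, private key, or password" wording. Since the paragraph also presents PORT_Memset as a plain alias for memset(), it would help to state whether anything prevents a compiler from dropping the clearing call as a dead store when the buffer is freed right afterwards.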