Security Policy: Difference between revisions

m
Line 83: Line 83:
| 17 || The user's password shall act as the key material to encrypt/decrypt private key material. '''Note''': password-encrypted private keys should be considered in plaintext in FIPS mode.
| 17 || The user's password shall act as the key material to encrypt/decrypt private key material. '''Note''': password-encrypted private keys should be considered in plaintext in FIPS mode.
|-
|-
| 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module, and shall not be passed to higher level callers.
| 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module, and shall not be passed to higher level callers in enencrypted (unwrapped) form.
|-
|-
| 19 || Secret and private keys shall be stored in an encrypted form in secondary storage. '''Note''': password-encrypted private keys should be considered in plaintext in FIPS mode.
| 19 || All secret and private keys shall be stored in an encrypted form in private key database (see 14). '''Note''': password-encrypted private keys should be considered in plaintext in FIPS mode.
|-
|-
| 20 || Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data.
| 20 || Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data.
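Review bot: The new text of rule 18 ends with "in enencrypted (unwrapped) form", which is a typo for "unencrypted (unwrapped) form". This qualifier is the security-relevant part of the revision, because it is what allows wrapped keys to be returned to higher level callers, so it has to read unambiguously. In rule 19, "in private key database (see 14)" is missing its article ("in the private key database"). Replacing "secondary storage" with the private key database also narrows the requirement to that one store, so confirm that no other persistent location can hold secret or private keys. The retained note in rules 17 and 19 says password-encrypted private keys are to be treated as plaintext in FIPS mode, while rule 19 requires storage "in an encrypted form"; consider stating which form of encryption satisfies rule 19 in FIPS mode.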