Security Policy: Difference between revisions

Line 84: Line 84:
| 17 || The user's password shall act as the key material to encrypt/decrypt private key material. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode.
| 17 || The user's password shall act as the key material to encrypt/decrypt private key material. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode.
|-
|-
| 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module. Secret and private keys shall only be passed to higher level callers in encrypted (wrapped) form. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode.
| 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module. Secret and private keys shall only be passed to higher level callers in encrypted (wrapped) form with <code>FC_WrapKey</code>. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode.
|-
|-
| 19 || All secret and private keys shall be stored in an encrypted form in the private key database (see Rule 14). '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode.
| 19 || All secret and private keys shall be stored in an encrypted form in the private key database (see Rule 14). '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode.
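Review bot: in Rule 18 the added "with <code>FC_WrapKey</code>" names the export call but says nothing about the wrapping key, while the Note in the same row states that password-encrypted secret and private keys count as plaintext in FIPS mode. Suggest saying in the rule itself that wrapping under a password-derived key does not satisfy "encrypted (wrapped) form", so the rule and its Note cannot be read against each other. Minor style point in the same sentence: "higher level callers" should be "higher-level callers".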