canmove, Confirmed users
937
edits
Security Policy: Difference between revisions
Jump to navigation
Jump to search
→Specification of Security Policy
| Line 86: | Line 86: | ||
| 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module. Secret and private keys shall only be passed to higher level callers in encrypted (wrapped) form with <code>FC_WrapKey</code>. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | | 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module. Secret and private keys shall only be passed to higher level callers in encrypted (wrapped) form with <code>FC_WrapKey</code>. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | ||
|- | |- | ||
| 19 || All secret and private keys shall be stored in | | 19 || All secret and private keys shall be stored in encrypted form (using a Triple-DES key derived from the password) in the private key database (key3.db) in secondary storage. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | ||
|- | |- | ||
| 20 || Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data. | | 20 || Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data. | ||