Canmove, confirm
937
edits
Changes
→Auditable Events
The following events are auditable by the NSS cryptographic module.
* modifications, accesses, deletions, and additions of cryptographic data (e.g., cryptographic keys and audit data) and CSPs (e.g., secret and private cryptographic keys, and authentication data such as passwords and PINs): audit data and authentication data are handled below. Here we only handle cryptographic keys.
** Object management functions, where the object is a cryptographic key (object class <code>CKO_PUBLIC_KEY</code>, <code>CKO_PRIVATE_KEY</code>, and <code>CKO_SECRET_KEY</code>)
*** <code>FC_CreateObject</code>
*** <code>FC_CopyObject</code>
*** <code>FC_DestroyObject</code>
*** <code>FC_GetObjectSize</code>
*** <code>FC_GetAttributeValue</code>
*** <code>FC_SetAttributeValue</code>
** Key management functions
*** <code>FC_GenerateKey</code>
*** <code>FC_GenerateKeyPair</code>
*** <code>FC_UnwrapKey</code>
*** <code>FC_DeriveKey</code>
** Cipher "Init" functions
*** <code>C_EncryptInit</code>
*** <code>C_DecryptInit</code>
*** <code>C_SignInit</code>
*** <code>C_SignRecoverInit</code>
*** <code>C_VerifyInit</code>
*** <code>C_VerifyRecoverInit</code>
* attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
