| Line 226: | Line 226: | ||
*SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4: | *SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4: | ||
*SEC_OID_PKCS5_PBES2 (actual encryption and prf algorithms are stored in parameters) | *SEC_OID_PKCS5_PBES2 (actual encryption and prf algorithms are stored in parameters) | ||
**Valid Encryption Algorithms | |||
***SEC_OID_AES_128_CBC | |||
***SEC_OID_AES_192_CBC | |||
***SEC_OID_AES_256_CBC | |||
**Valid PRF Algorithms | |||
***SEC_OID_HMAC_SHA_1 | |||
***SEC_OID_HMAC_SHA256 | |||
***SEC_OID_HMAC_SHA384 | |||
***SEC_OID_HMAC_SHA512 | |||
*SEC_OID_PKCS5_PBMAC1 (actual hmac and prf algorthms are stored in parameters) | *SEC_OID_PKCS5_PBMAC1 (actual hmac and prf algorthms are stored in parameters) | ||
**Valid HMAC and PRF Algorithms | |||
***SEC_OID_HMAC_SHA_1 | |||
***SEC_OID_HMAC_SHA256 | |||
***SEC_OID_HMAC_SHA384 | |||
***SEC_OID_HMAC_SHA512 | |||
The base key used in the PBE is the token password hashed with the token's global salt stored in the password entry. <In FIPS mode this resulting key is further transformed by setting it to value 'x' and using x to raise generator 'g' to the 'x' power modulo 'p'. The final result is the token key. g and p are stored with the base user's protection in the filesystem in the same directory as the certificate and key database. g and p should be considered 'secret' values.>* | The base key used in the PBE is the token password hashed with the token's global salt stored in the password entry. <In FIPS mode this resulting key is further transformed by setting it to value 'x' and using x to raise generator 'g' to the 'x' power modulo 'p'. The final result is the token key. g and p are stored with the base user's protection in the filesystem in the same directory as the certificate and key database. g and p should be considered 'secret' values.>* | ||
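Review bot: the SEC_OID_PKCS5_PBMAC1 line directly above the second added sub-list still reads "hmac and prf algorthms"; correct it to "algorithms" while this part of the list is being edited. The added heading "Valid HMAC and PRF Algorithms" also does not say whether the HMAC and the PRF are selected independently or must be the same OID, and the four HMAC entries are repeated verbatim under both PBES2 and PBMAC1, so consider stating the pairing rule once and pointing the PBMAC1 entry at the PBES2 PRF list instead of duplicating it.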