MozillaWiki

VE 07KeyMgmt: Difference between revisions

Page Discussion

VE 07KeyMgmt (view source)

Revision as of 02:36, 4 May 2006

442 bytes removed ,  4 May 2006
no edit summary
No edit summary
No edit summary
Line 6: Line 6:


# The SSL2.0 and SSL3.0 specification details how public key certificates are exchanged over the network.
# The SSL2.0 and SSL3.0 specification details how public key certificates are exchanged over the network.
# The Certificate Download [Communicator 4.0] specification details how X509 v3 CA , user, and S/MIME certificates can be downloaded and installed over the network. *
# The Netscape* Extensions for User Key Generation Communicator 4.0 Version specification details the extensions that cause RSA and DSA keys to be generated.
# Our private key and certificate databases [for both client and server products] is a B-tree (DBM) indexed flat file [regular file].
# Our private key and certificate databases [for both client and server products] is a B-tree (DBM) indexed flat file [regular file].
# The private key  is stored encrypted using DES-EDE3  [triple-DES] [in all cases -- export or domestic, FIPS or non-FIPS].
# The private key  is stored encrypted using DES-EDE3  [triple-DES] [in all cases -- export or domestic, FIPS or non-FIPS].
# The private keys are not stored in plain text.
# The private keys are not stored in plain text.
# In non-internal cryptographic service providers [see PKCS#11 specification], the CSP provides its own implementation of key storage -- this document describes just the internal CSPs provided in Netscape products.
# In non-internal cryptographic service providers [see PKCS#11 specification], the CSP provides its own implementation of key storage -- this document describes just the internal CSPs provided in NSS.
# The X509v3 certificates are stored DER encoding in the DBM file.
# The X509v3 certificates are stored DER encoding in the DBM file.
# The certificates are not encrypted, but are digitally signed by the Certification Authority [CA] that created them.
# The certificates are not encrypted, but are digitally signed by the Certification Authority [CA] that created them.
Line 20: Line 18:
# Prior to exiting the Cryptographic Module, all plain text session ids (for SSL), passwords entered by users, and private key (stored on disk) are zeroed from memory.
# Prior to exiting the Cryptographic Module, all plain text session ids (for SSL), passwords entered by users, and private key (stored on disk) are zeroed from memory.
# PKCS#12 can be used to archive a wrapped (encrypted) private key for recovery purposes.
# PKCS#12 can be used to archive a wrapped (encrypted) private key for recovery purposes.
# Our use of DES and DES-EDE3, as called out in PKCS#12, are FIPS 46-2 validated.
# Our use of DES and DES-EDE3, as called out in PKCS#12, are FIPS 46-3 validated.
# See DES Certificate Number 6, indicates that Netscape's DES implementation conforms to FIPS 46-2.
# NSS's triple-DES implementation conforms to FIPS 46-3. ( [http://csrc.nist.gov/cryptval/des/tripledesval.html TripleDES])
# See DES-EDE3 Certificate Number 10, indicates that Netscape's triple-DES implementation also conforms to FIPS 46-2.
# NSS's SHA-1 implementation conforms to FIPS 180-2. See [http://csrc.nist.gov/cryptval/shs/shaval.htm SHS].
# See SHA-1 Certificate Number 3, indicates that Netscape's SHA-1 implementation conforms to FIPS 180-1. *
# NSS's DSA implementation conforms to FIPS 186-2. ([http://csrc.nist.gov/cryptval/dss/dsaval.htm DSA])
# See DSA Certificate Number 3, indicates that Netscape's DSA implementation conforms to FIPS 186. *
# All key/certificate management operations of the NSS cryptogrpahic service provides (CSPs) are FIPS 140-2 validated.
# All key/certificate management operations of the Netscape software cryptogrpahic service provides (CSPs) are FIPS 140-1 validated.


'''Key Generation'''
'''Key Generation'''
Neil.williams
198

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/25059"