No edit summary |
|||
| Line 86: | Line 86: | ||
| 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module. Secret and private keys shall only be passed to higher level callers in encrypted (wrapped) form. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | | 18 || Secret and private keys, plaintext passwords, and other security-relevant data items shall be maintained under the control of the cryptographic module. Secret and private keys shall only be passed to higher level callers in encrypted (wrapped) form. '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | ||
|- | |- | ||
| 19 || All secret and private keys shall be stored in an encrypted form in private key database (see 14). '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | | 19 || All secret and private keys shall be stored in an encrypted form in the private key database (see Rule 14). '''Note''': password-encrypted secret and private keys should be considered in plaintext form in FIPS mode. | ||
|- | |- | ||
| 20 || Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data. | | 20 || Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data. | ||
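Review bot: In rule 19, the revised sentence still requires keys to be "stored in an encrypted form", while the note in the same row says password-encrypted secret and private keys count as plaintext in FIPS mode, so the row never says which form of encryption satisfies the requirement. Since this edit already touches the sentence, consider aligning it with rule 18's "encrypted (wrapped) form" or pointing to the rule that defines the acceptable protection, the same way the new "(see Rule 14)" reference points to the database. The added "the" and the "Rule 14" wording themselves read fine.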