| Line 87: | Line 87: | ||
=Key Zeroization= | =Key Zeroization= | ||
The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a private key or password. In summary, private keys are always stored in encrypted form. Any key material that has been unwrapped (decrypted) for use is zeroized once the use is complete. The function used to zeroize memory used by private key material is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>: | The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a secret or private key or password. In summary, secret and private keys are always stored in encrypted form. Any key material that has been unwrapped (decrypted) for use is zeroized once the use is complete. The function used to zeroize memory used by private key material is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>: | ||
#define PORT_Memset memset | #define PORT_Memset memset | ||
If the memory used by private key material is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory: | If the memory used by private key material is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory: | ||
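Review bot: The last sentence of the first paragraph and the PORT_ZFree() paragraph that follows still say "memory used by private key material", although this revision widens the opening sentences to "secret or private key or password" and "secret and private keys". Suggest changing both to "secret and private key material", and stating whether passwords are cleared with the same memset()/PORT_Memset() call, so the scope of the zeroization claim is the same throughout the section.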
| Line 100: | Line 100: | ||
(<code>PR_Free()</code> calls the Standard C library function <code>free()</code> to free memory allocated from the heap.) | (<code>PR_Free()</code> calls the Standard C library function <code>free()</code> to free memory allocated from the heap.) | ||
A plaintext secret or private key is zeroized when it is deleted. | |||
All plaintext secret and private keys are zeroized when | |||
* the NSS cryptographic module is shut down (with a <code>FC_Finalize</code> call), | |||
* the NSS cryptographic module is reinitialized (with a <code>FC_InitToken</code> call), or | |||
* the NSS cryptographic module switches between the FIPS and non-FIPS modes. | |||
Passwords are automatically zeroized immediately after use. | |||
The <code>memset()</code> function is extremely fast. Zeroization can be performed in a time that is not sufficient to compromise plaintext secret and private keys and passwords. | |||
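Review bot: The closing sentence, "Zeroization can be performed in a time that is not sufficient to compromise plaintext secret and private keys and passwords", is hard to parse and its only stated support is that memset() is "extremely fast". Suggest rewording it to say directly that the interval between the last use and the completion of zeroization is too short for the plaintext to be compromised. The added line "A plaintext secret or private key is zeroized when it is deleted" names no function, unlike the FC_Finalize and FC_InitToken bullets, so naming the call that deletes a key would make the list of triggers consistent. The lead-in "zeroized when" should also end with a colon before the bullet list.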