On 03/25/2015 04:30 AM, Jan Otte wrote:
Hi,

When finding out how to do key zeroization in NSS DB I stumbled upon

https://bugzilla.mozilla.org/show_bug.cgi?id=347450

The last comment states that key zeroization is not needed for FIPS,
which is in contrast with the initial description.

What is the reason behind this - why is the key zeroization in NSS DB
not needed?

This isn't about zeroization of the database, it's about zeroing the internal data buffers from the database. Those buffers don't need to be zeroized because the data in them is encrypted. Keys in your NSS database are stored encrypted, which is why you need to supply a password before you use it. If you don't have to supply a password, then the keys are still encrypted, but the key they are encrypted in can be trivially calculated given an NSS database (the password is set to the NULL string).

As for zeroization of the database itself, it depends on why you want to do it. If you are trying to meet a particular security policy or are just paranoid, you can set the password to an arbitrarily random string that you don't save (like the output of 128 bytes of /dev/random converted to hex). Setting the password reencrypts each entry in the database with that password. At this point you can simply do a database reset (which basically deletes the old database and creates a new empty database). If you just want to 'get rid of your keys' you can simply do a database reset, though in that case it's possible that data blocks in your database are still floating around on your hard disk free list.

It should be obvious that both of these methods would get rid of all your private and secret keys. What may not be obvious is that the secret keys used to encrypt your website passwords will also be gone, even if you didn't have an NSS password set initially (those passwords are also always encrypted, and if you lose or change your NSS key database you will lose those passwords as well).

Also, it may not be obvious that this only affects the key database, not the cert database. The cert database stores cryptographically public information (that is, information that can be sent publicly without breaking cryptographic security). For example, your personal email and client auth certificates are stored in the cert database. You can't use them for signing, authentication, or email decryption, however, without the associated private keys, so the certs will still be accessible, but they won't be usable as user certs (they won't show up in the user cert side of the Firefox cert view, for example).

bob

Thanks & best regards,
Jan



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto