Thank you, I will clarify my requirement. I was somewhat suspect of the
requirement anyway.
On 05/19/2015 11:14 AM, Robert Relyea wrote:
On 05/18/2015 03:04 PM, Arthur Ramsey wrote:
I have a requirement to disable key export on a key stored in a NSS
DB in FIPS mode. I read through the documentation and found mention
of the ability to do this, but not how. Where can I find information
on how to disable key export? I will be using the NSS module via
Java to obtain FIPS 140-2 compliance. I imported the key via p12
format, but I could complete the entire process via NSS if needed.
We only support sensitive, not extractable in the NSS FIPS.
If you are talking about database keys, the actual key is stored p12
encrypted in a database, so there would be no way to prevent someone
how has both the database and the password for the database from
extracting the key.
That being said several versions of NSS already has FIPS 140-2. I
believe FIPS 140-2 allows extracting keys with wrapping keys.
bob
Thanks,
Arthur
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ram...@mediture.com
952.400.0323
This e-mail and any attachments may contain CONFIDENTIAL information, including
PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or
disclosure of this information is STRICTLY PROHIBITED; you are requested to
delete this e-mail and any attachments, notify the sender immediately, and
notify the Mediture Privacy Officer at privacyoffi...@mediture.com.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto