Closed
Bug 360425
Opened 18 years ago
Closed 6 months ago
support single-usage keys
Categories
(NSS :: Libraries, enhancement, P5)
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: nelson, Unassigned)
References
Details
(Whiteboard: FIPS)
NIST has proposed to require that any public or private key be usable only for signing, or only for encryption (e.g. key wrapping, key transport), but not for both. This would be a requirement of a future revision of FIPS 140. Our PKCS#11 module has the ability to create such single-usage keys, and to record that keys are single usage (I think), but many of NSS's APIs for requesting keys have no ability to request this single usage. AFAIK, we have no way to request the generation of a key pair where the generated keys will be usable only for signature and not for encryption, or vice versa. It is also not clear that we have any way to ensure that a certificate request for a single usage key will request a cert whose extensions identify it as valid only for that single usage. This strikes me as a bigger enhancement than the enhancement for single-usage certs in libSSL. It affects tools also.
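The single-usage rule described in the report, as an added example (not part of the bug report and not NSS code): it classifies a key pair by its PKCS#11 usage attributes and checks that the certificate's keyUsage agrees. The struct, enum and function names are hypothetical, and only the signing and encryption usages named in the report are modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Usage flags of one key, named after the PKCS#11 boolean attributes
 * (CKA_SIGN, CKA_VERIFY, CKA_ENCRYPT, ...). Hypothetical struct, not an NSS type. */
typedef struct {
    bool sign, sign_recover, verify, verify_recover; /* signature usages  */
    bool encrypt, decrypt, wrap, unwrap;             /* encryption usages */
} key_attrs;

typedef enum { USE_NONE, USE_SIGN_ONLY, USE_ENCRYPT_ONLY, USE_MIXED } usage_class;

/* X.509 keyUsage purposes as a local bitmask (not the DER bit positions). */
enum { KU_DIGITAL_SIGNATURE = 1, KU_NON_REPUDIATION = 2,
       KU_KEY_ENCIPHERMENT = 4, KU_DATA_ENCIPHERMENT = 8 };

static usage_class combine(bool sig, bool enc) {
    if (sig && enc) return USE_MIXED;
    if (sig) return USE_SIGN_ONLY;
    return enc ? USE_ENCRYPT_ONLY : USE_NONE;
}

usage_class classify_key(const key_attrs *k) {
    return combine(k->sign || k->sign_recover || k->verify || k->verify_recover,
                   k->encrypt || k->decrypt || k->wrap || k->unwrap);
}

usage_class classify_cert(unsigned ku) {
    return combine((ku & (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) != 0,
                   (ku & (KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT)) != 0);
}

/* True only if both key halves and the certificate agree on one single usage. */
bool pair_is_single_usage(const key_attrs *pub, const key_attrs *priv, unsigned cert_ku) {
    usage_class c = classify_key(pub);
    if (c != USE_SIGN_ONLY && c != USE_ENCRYPT_ONLY) return false;
    return classify_key(priv) == c && classify_cert(cert_ku) == c;
}

int main(void) {
    /* Constructed sample: a signing-only pair, checked against two certificates. */
    key_attrs pub = { .verify = true }, priv = { .sign = true };
    printf("sign-only cert: %d\n", pair_is_single_usage(&pub, &priv, KU_DIGITAL_SIGNATURE));
    printf("dual-use cert:  %d\n",
           pair_is_single_usage(&pub, &priv, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT));
    return 0;
}
```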
Updated•16 years ago
Whiteboard: FIPS
Comment 2•15 years ago
Removed from FIPS2009. Will consider for future release.
No longer blocks: FIPS2008
Updated•2 years ago
Severity: normal → S3
Updated•6 months ago
Severity: S3 → N/A
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → INACTIVE