TD0352: Added key destruction options
Recent versions of Java do provide Destroyable interfaces allowing the developer to specify destruction to the JVM.
FCS_CKM_EXT.4.1 is replaced as follows:
FCS_CKM_EXT.4.1 The email client shall [selection:
· invoke platform-provided key destruction,
· implement key destruction using [selection:
    o For volatile memory, the erasure shall be executed by a [selection:
        · single direct overwrite [selection:
            o consisting of a pseudo-random pattern using the email client's RBG,
            o consisting of a pseudo-random pattern using the host platform's RBG,
            o consisting of zeroes],
        § destruction of reference to the key directly followed by a request for garbage collection].
    o For non-volatile storage, the erasure shall be executed by [selection:
        § three or more times]
      overwrite of key data storage location consisting of [selection:
        · a pseudo-random pattern using the email client's RBG (as specified in FCS_RBG_EXT.1 [AppPP]),
        · a pseudo-random pattern using the host platform's ,
        · a static pattern]]
that meets the following: [selection:
· NIST SP800-88,
· no standard]
for destroying all keying material and cryptographic security parameters when no longer needed.
The Application Note is unchanged.
The following paragraph is added to the TSS Assurance Activity:
If ‘destruction of reference’ (for volatile memory) is selected then the relevant interface definition is examined by the evaluator to ensure that the interface supports the selection and description in the TSS.
A selection to request destruction followed by a request for garbage collection has been added to accommodate destruction through destroyable interfaces.
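
As an added illustration (not part of the Technical Decision or of any evaluated product), the following Java sketch shows the two volatile-memory selections side by side: a single direct overwrite consisting of zeroes performed inside a `javax.security.auth.Destroyable` implementation, and destruction of the reference directly followed by a request for garbage collection. The class names `WipeableKey` and `KeyDestructionDemo`, the method `copyOfMaterial`, and the sample key bytes are assumptions made for the example.

```java
import java.util.Arrays;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

// Hypothetical holder for raw key bytes; names are illustrative only.
final class WipeableKey implements Destroyable {
    private final byte[] material;
    private volatile boolean destroyed;

    WipeableKey(byte[] keyBytes) {
        // Keep a private copy so the caller can wipe its own buffer independently.
        this.material = keyBytes.clone();
    }

    // Returns a copy for use by a cipher; the caller must overwrite it after use.
    byte[] copyOfMaterial() {
        if (destroyed) {
            throw new IllegalStateException("key has been destroyed");
        }
        return material.clone();
    }

    @Override
    public void destroy() throws DestroyFailedException {
        // Single direct overwrite consisting of zeroes.
        Arrays.fill(material, (byte) 0);
        destroyed = true;
    }

    @Override
    public boolean isDestroyed() {
        return destroyed;
    }
}

public class KeyDestructionDemo {
    public static void main(String[] args) throws DestroyFailedException {
        byte[] constructed = new byte[32];      // constructed sample, not real key material
        Arrays.fill(constructed, (byte) 0x5A);

        WipeableKey key = new WipeableKey(constructed);
        Arrays.fill(constructed, (byte) 0);     // wipe the caller's buffer as well

        key.destroy();                          // destruction requested through Destroyable
        if (!key.isDestroyed()) {
            throw new AssertionError("key was not destroyed");
        }

        key = null;                             // destruction of the reference to the key ...
        System.gc();                            // ... directly followed by a request for garbage collection
    }
}
```

`System.gc()` is only a request to the JVM, so in this sketch it is the overwrite inside `destroy()` that actually clears the key bytes held by the object.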