NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0352:  Added key destruction options

Publication Date
2018.09.18

Protection Profiles
PP_APP_EMAILCLIENT_EP_v2.0

Other References
FCS_CKM_EXT.4

Issue Description

Recent versions of Java do provide Destroyable interfaces allowing the developer to specify destruction to the JVM.

Resolution

FCS_CKM_EXT.4.1 is replaced as follows:

FCS_CKM_EXT.4.1 The email client shall [selection:

·         invoke platform-provided key destruction,

·         implement key destruction using [selection:

o   For volatile memory, the erasure shall be executed by a [selection:

·         single direct overwrite [selection:

o   consisting of a pseudo-random pattern using the email client's RBG,

o   consisting of a pseudo-random pattern using the host platform's RBG,

o   consisting of zeroes],

§  destruction of reference to the key directly followed by a request for garbage collection].

o   For non-volatile storage, the erasure shall be executed by [selection:

§  single,

§  three or more times]

 overwrite of key data storage location consisting of [selection:

·         a pseudo random pattern using the email client's RBG (as specified in FCS_RBG_EXT.1 [AppPP],

·         a pseudo-random pattern using the host platform's ,

·         a static pattern]]

that meets the following: [selection:

·         NIST SP800-88,

·         no standard]

 for destroying all keying material and cryptographic security parameters when no longer needed.

 

The Application Note is unchanged.

 

The following paragraph is added to the TSS Assurance Activity:

 

If  destruction of reference’ (for volatile memory) is selected then the relevant interface definition is examined by the evaluator to ensure that the interface supports the selection and description in the TSS.

Justification

A selection to request destruction followed by request for garbage collection has been added to accomodate destruction through destroyable interfaces.

 
 
Site Map              Contact Us              Home