Security Testing and Evaluation Labs
Security Evaluation Laboratory (SEL)
NSA: PKI Client PP
This Protection Profile describes a minimum set of Information Technology (IT) security requirements that must be implemented by any Client operating in the MISSI Certificate Management Infrastructure.
This Protection Profile is a member of a group of Protection Profiles that cover all the objects that comprise the MISSI Certificate Management Infrastructure. The complete set of Protection Profiles will be for the following objects:
- Certification Authority, including the Policy Creation Authority (PCA), the Policy Approving Authority (PAA), and the Indirect Certificate Revocation List (CRL) Authority, as defined in the CA PP.
- Registration Authority, as defined in the RA PP.
- Clients, including the Relying party end entity and the Subscriber end entity, as defined in this document.
- Repository.
The primary goal of this document is to map as directly as possible the US Department of Defense X.509 Certificate Policy requirements [USDOD_CP] for Clients to the latest version of the Common Criteria (CC). The primary source documents for this Protection Profile are as follows:
- US Department of Defense X.509 Certificate Policy, draft, Version 2.0 [USDOD_CP], and
- Certification Practices Statement for the Certificate Management Infrastructure of the Defense Information Infrastructure, draft, Version 0.2 [CPS].
The TOE is a PKI component called a Client. A Client is an entity in a PKI that has the ability to request user certificates, use user certificates, or both. What about CRLs? What about the ability to use your own private key without needing a certificate? User certificates are certificates that are issued to users, as opposed to CA certificates. CA certificates are certificates that one CA issues to another. When a Client is requesting that a CA issue it a certificate or performing related tasks (e.g., generating its key pairs or managing its private key), that Client is said to be acting as a Subscriber. Also, the Subscriber is a Client that is using its private key. When a Client is using a certificate (e.g., verifying signatures or encrypting data), that Client is said to be acting as a Relying Party.
Client Subscriber functionality is limited to:
- Generating key pairs
- Requesting user certificates
- Requesting the renewal of user certificates
- Requesting the revocation of user certificates
- Receiving certificates
- Protecting its private key
- Using the private key to sign a message
Generating key pairs consists of generating large numbers that are mathematically related for use in public key cryptographic operations. Requesting user certificates consists of generating and issuing a signed request for a user certificate either to an RA or to a CA. Requesting the renewal of user certificates consists of generating and issuing a request to renew a user certificate that is going to expire, generating and issuing a request to update a field of a user certificate other than its validity period, and generating and issuing a request to re-key a user certificate. Requesting the revocation of user certificates consists of generating and issuing a signed revocation request for a user certificate to either an RA or a CA. Receiving user certificates consists of receiving user and possibly CA certificates, either directly or from a repository. Protecting its private key consists of managing its private key information such that access to it is controlled.
Client Relying Party functionality is limited to:
- Verifying signatures
- Generating signatures
- Encrypting data
- Decrypting data
Verifying signatures and encrypting data (for the millionth time: you use the public key to encrypt and the private key to decrypt) requires extracting and using valid user public key information from the user and possibly CA certificates. Generating signatures and decrypting data requires using private key information to sign or decrypt user data.
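The two Client roles described above, as an added example that is not part of this Protection Profile or of any MISSI product, using Go's standard-library x509 package: the Subscriber generates a key pair, issues a signed certificate request and later signs a message with its private key; the Relying Party validates the received user certificate against a trusted CA certificate and extracts the public key from it to verify that signature. The CA step, the names, the validity periods and the use of Ed25519 are assumptions made so that the example runs end to end.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Subscriber role: generate a key pair and a certificate request signed with the new private key.
func SubscriberRequest() (ed25519.PrivateKey, []byte, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "subscriber.example"}} // constructed name
	csr, err := x509.CreateCertificateRequest(rand.Reader, tmpl, priv) // the CSR carries priv's signature
	return priv, csr, err
}

// Subscriber role: use the private key to sign a message.
func SubscriberSign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

// CA side (outside the TOE; constructed only so the example runs end to end): check the CSR's
// proof-of-possession signature, then issue the user certificate under a self-signed CA.
func IssueUserCert(csrDER []byte) (caDER, userDER []byte, err error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil { return nil, nil, err }
	if err = csr.CheckSignature(); err != nil { return nil, nil, err } // request not signed by the key holder
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if caDER, err = x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey); err != nil { return nil, nil, err }
	user := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: ca.NotBefore, NotAfter: ca.NotAfter}
	userDER, err = x509.CreateCertificate(rand.Reader, user, ca, csr.PublicKey, caKey)
	return caDER, userDER, err
}

// Relying Party role: validate the received user certificate against the trusted CA certificate,
// extract the user's public key from it, and verify the Subscriber's signature over msg.
func RelyingPartyVerify(caDER, userDER, msg, sig []byte) (bool, error) {
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil { return false, err }
	userCert, err := x509.ParseCertificate(userDER)
	if err != nil { return false, err }
	roots := x509.NewCertPool(); roots.AddCert(caCert)
	// Verify rejects an untrusted issuer, a bad chain signature or an expired certificate.
	if _, err = userCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil { return false, err }
	pub, ok := userCert.PublicKey.(ed25519.PublicKey) // public key taken from the certificate, not from the message
	return ok && ed25519.Verify(pub, msg, sig), nil
}
```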
The TOE does not include any underlying cryptomodules, operating systems, or hardware.
The TOE is minimally compliant with DOD certificate policy.