Method used for encrypting Distribution Password and Universal Password in eDirectory

  • 7009562
  • 13-Oct-2011
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms

Situation

The Distribution Password is protected in the same way as the Universal Password, as follows:

- The Distribution Password and Universal Password are encrypted using a user-specific 3DES key, which is referred to as the Password Key.

- The Password Key is wrapped/encrypted using the 3DES Tree Key.  This key is sometimes referred to as the SDI Key.

- The Tree Key is held by every eDirectory server in the tree.

- The Tree Key is wrapped/encrypted using the server-specific 3DES Storage Key.

- The Storage Key is obfuscated and stored on the disk.
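To make the chain concrete, here is an added example (not Novell/NetIQ or NICI code) that models the layers above in Go with the standard library's 3DES: Protect produces the wrapped Tree Key, the wrapped Password Key and the encrypted password, and Recover unwraps them starting from the Storage Key. CBC mode with a zero IV, PKCS#7 padding and the key values are assumptions; the article states only that 3DES is used.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
)

// tdes applies 3DES-CBC to src (whole blocks only) under a 24-byte key; newMode
// is cipher.NewCBCEncrypter or cipher.NewCBCDecrypter. The zero IV and the
// PKCS#7 padding below are assumptions; the article states neither.
func tdes(key, src []byte, newMode func(cipher.Block, []byte) cipher.BlockMode) []byte {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err) // a key that is not 24 bytes is a caller bug in this model
	}
	dst := make([]byte, len(src))
	newMode(block, make([]byte, des.BlockSize)).CryptBlocks(dst, src) // zero IV
	return dst
}

func pad(b []byte) []byte { // PKCS#7, so a password of any length fills whole blocks
	n := des.BlockSize - len(b)%des.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}
func unpad(b []byte) (pw []byte, ok bool) {
	n := int(b[len(b)-1])
	if n < 1 || n > des.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, false // wrong key somewhere in the chain, or corrupted data
	}
	return b[:len(b)-n], true
}

// Protect returns what is stored, outermost layer first, as the article lists it.
func Protect(storageKey, treeKey, pwKey, password []byte) [][]byte {
	return [][]byte{
		tdes(storageKey, treeKey, cipher.NewCBCEncrypter),  // Tree Key under the Storage Key
		tdes(treeKey, pwKey, cipher.NewCBCEncrypter),       // Password Key under the Tree Key
		tdes(pwKey, pad(password), cipher.NewCBCEncrypter), // password under the Password Key
	}
}

// Recover walks the chain down from the Storage Key; each unwrapped layer keys the next.
func Recover(storageKey []byte, stored [][]byte) ([]byte, bool) {
	cur := storageKey
	for _, blob := range stored {
		cur = tdes(cur, blob, cipher.NewCBCDecrypter)
	}
	return unpad(cur)
}
```

Because Recover needs nothing but the Storage Key and the stored blobs, the obfuscated on-disk Storage Key is the root of trust for every password held on that server.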

Section 2.6.4.1, Key Storage Keys, of the NICI FIPS Security Policy provides some additional information regarding the Key Storage Key. That document can be found on the NIST web site at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp769.pdf