Maintainability
Security systems must be maintainable to change with security policy demands. For example, security vulnerabilities have been discovered in certain PKCS#11 mechanisms, and these are no longer available in FIPS Mode (See ProtectToolkit-C administration for more information). New algorithms are introduced and others are phased out.
Many changes in security applications also relate to the increased use of PKI systems, with related public key certification and cryptographic demands.
ProtectToolkit-C maintenance
- Give keys meaningful names (CKA_LABEL) referring to their usage and origin. For example: “KEK - Database” for a key-encrypting key used with an application's database.
- Use the supplied PKCS#11 helper functions from the CTUTIL library. These are provided to perform the most common PKCS#11 operations and have been thoroughly tested.
- Use appropriate key sizes and cryptographic algorithms, and allow for key sizes to increase.
- Write portable code. ProtectToolkit-C is available on many platforms, from Win32/64 to Unix, and the best applications are the most likely to be ported.
ProtectToolkit-C maintenance caveats
- Watch out for spaces and NULL (‘\0’) characters in ProtectToolkit-C token and object labels.
- Attribute template handling code can become very messy, and there is a tendency to use global variables. Local variables are better and can be made ‘static’ to avoid stack-based initialization compiler warnings.
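The following is an added example (not ProtectToolkit-C, CTUTIL or SafeNet code) that applies the points above: a meaningful CKA_LABEL passed with strlen() rather than sizeof() so no ‘\0’ lands in the label, the key size taken as a parameter, the template kept together with the values it points at instead of in globals, and a helper that turns a label read back from a token (no terminator, possibly space-padded) into a clean C string. The handful of PKCS#11 types and constants are redefined locally only so the file builds stand-alone; a real build would include the cryptoki header shipped with the toolkit instead.

```c
#include <stddef.h>
#include <string.h>

/* Minimal PKCS#11 subset so this file builds stand-alone; a real build
 * includes the cryptoki header shipped with ProtectToolkit-C instead. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE        1
#define CKA_CLASS      0x000UL
#define CKA_TOKEN      0x001UL
#define CKA_LABEL      0x003UL
#define CKA_KEY_TYPE   0x100UL
#define CKA_VALUE_LEN  0x161UL
#define CKO_SECRET_KEY 0x4UL
#define CKK_AES        0x1fUL

/* Template and the values it points at live in one object, so nothing is
 * global and the pointers stay valid for as long as the struct does. */
typedef struct {
    CK_ULONG cls, ktype, vlen;
    CK_BBOOL on_token;
    CK_ATTRIBUTE attrs[5];
} aes_key_template;

/* Fill a C_GenerateKey template; key_bytes is a parameter so a policy change
 * from 16 to 32 bytes is made by the caller, not by editing this code. */
size_t build_aes_key_template(aes_key_template *t, const char *label, CK_ULONG key_bytes)
{
    t->cls = CKO_SECRET_KEY; t->ktype = CKK_AES; t->vlen = key_bytes; t->on_token = CK_TRUE;
    CK_ATTRIBUTE a[5] = {
        { CKA_CLASS,     &t->cls,       sizeof t->cls },
        { CKA_KEY_TYPE,  &t->ktype,     sizeof t->ktype },
        { CKA_TOKEN,     &t->on_token,  sizeof t->on_token },
        { CKA_VALUE_LEN, &t->vlen,      sizeof t->vlen },
        /* CKA_LABEL carries no terminator: pass strlen(), never sizeof(). */
        { CKA_LABEL,     (void *)label, strlen(label) },
    };
    memcpy(t->attrs, a, sizeof a);
    return sizeof a / sizeof a[0];
}

/* Turn a label read back from the token (no terminator, possibly blank-padded,
 * possibly containing an embedded NUL) into a trimmed C string. */
size_t label_to_cstring(const unsigned char *raw, size_t rawlen, char *out, size_t outsz)
{
    size_t n = 0;
    while (n < rawlen && n + 1 < outsz && raw[n] != '\0') { out[n] = (char)raw[n]; n++; }
    while (n > 0 && out[n - 1] == ' ') n--;   /* drop trailing space padding */
    out[n] = '\0';
    return n;
}
```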