B.3 FIPS Miscellaneous Information
Libgcrypt does not do any key management by itself; the application
needs to take care of it. Keys which are passed to Libgcrypt should be
allocated in secure memory, which is available through the functions
gcry_malloc_secure and gcry_calloc_secure. When gcry_free is called on
this memory, the memory, and thus the keys, are overwritten with zero
bytes before the memory is released.

For use with the random number generator, Libgcrypt generates 3
internal keys which are stored in the encryption contexts used by the
RNG. These keys are stored in secure memory for the lifetime of the
process. Applications are required to use GCRYCTL_TERM_SECMEM
before process termination. This will zero out the entire secure
memory and thus also the encryption contexts with these keys.
This document was generated on February 9, 2014 using texi2html 5.0.