===Access to Cryptographic Keys, CSPs, and Plaintext Data===
Cryptographic keys, CSPs, and plaintext data are stored in the NSS databases. The NSS module creates its database files with the '''0600''' permission bits so that only the owner can read or modify the database files. (See the <code>dbopen()</code> calls in the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pcertdb.c.html#4135 <code>nsslowcert_OpenPermCertDB</code>], [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/keydb.c.dep.html#nsslowkey_OpenKeyDB <code>nsslowkey_OpenKeyDB</code>], and [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pk11db.c.dep.html#secmod_OpenDB <code>secmod_OpenDB</code>] functions.) For example,
$ ls -l *.db
-rw------- 1 wtchang wtchang 65536 May 15 22:16 cert8.db