mozilla wrote: > Thanks. That helps. The referenced Java program implies that 192 and 224 > are recognized values for the kpg initialize method. However, the program > accepted the parameters to initialize but generated errors when attempting > to generate the keys. (The program worked for generating pairs using 256, > 384, and 512.) > > Does that error make sense? Are there other limitations on the values > supported? Thanks again. > One can build two versions of NSS. Basic ECC and extended ECC with the flags:
NSS_ENABLE_ECC=1 NSS_ECC_MORE_THAN_SUITE_B=1 and the correct version of http://mxr.mozilla.org/security/source/security/nss/lib/freebl/ecl/ecl-curve.h JSS assumes you know which ECC version of NSS you're using. The basic ECC version of NSS only provides: NIST_P256, NIST_P384, and NIST_521. -glen > Bill Price > "Glen Beasley"<[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > >> Bill Price wrote: >> >>> Based on the LXR examples on the JSS test page I appear to be able to >>> generate Elliptic Curve Pairs. The examples show generation of keys of >>> various length. However, I would like to generate key pairs using the >>> standard curves recognized by NIST or included in Suite B. The Java >>> documentation has an ECGenParameterSpec that takes a string name for the >>> standard or predefined curve. I tried modifying the programs to accept >>> > the > >>> parameter and guessing at the names from Suite B without success. >>> >>> > http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/ECGenParameterSpec.html > >> was introduced in J2SE 1.5. >> >> JSS cannot provide ECGenParameterSpec at this time since JSS still has >> to work with J2SE 1.4.2 (so FUN...) >> >> but the current implemenation creates the suite B curves by default. >> Meaning JSS PK11KeyPairGenerator is >> hard coded for a specific strengh. To find out the JSS defaults look at: >> >> >> > http://lxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java#617 > >> so: >> kpg = java.security.KeyPairGenerator.getInstance("EC", >> "Mozilla-JSS"); >> kpg.initialize(256); >> keyPair = kpg.genKeyPair(); >> System.out.println("Generated 256-bit EC KeyPair!"); >> >> The 256 key is */NIST P-256 == SECG P-256R1 (TLS-23)/* and JSS is not >> able to create */SECG P-256K1 (TLS-22)/* >> >> hope this helps, >> >> glen >> >> >> >>> Does JSS have the ability to generate keypairs using the standard >>> > curves? If > >>> so, is there a list of the recognized names (as Strings)? >>> >>> Thanks. >>> >>> Bill Price >>> >>> >>> >>> _______________________________________________ >>> dev-tech-crypto mailing list >>> dev-tech-crypto@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-tech-crypto >>> >>> > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto