JSS: How to load symmetric key from NSS DB?

Sat, 21 Mar 2009 14:50:26 -0700 

I wonder how is it possible to load symmetric key that is stored
inside the NSS DB via JSS API? I tried using KeyStore JCA class (as in
org.mozilla.jss.tests.KeyStoreTest example):

  KeyStore ks = KeyStore.getInstance("Mozilla-JSS");

but it turns out that JSSProvider doesn't register JSSKeyStoreSpi
class at all and therefore "Mozilla-JSS" instance of KeyStore doesn't
exist.
I tried fixing this by adding the following line to JSSProvider class:

  put("KeyStore.Mozilla-JSS",
"org.mozilla.jss.provider.java.security.JSSKeyStoreSpi");

But even though "getKey" API seemed to work fine, I got the following
exception when trying to use this key to init the cipher:

  encryptCipher.init(Cipher.ENCRYPT_MODE, key, params);

  # An unexpected error has been detected by Java Runtime Environment:
  #
  #  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x19ea4930,
pid=17900, tid=10928
  #
  # Java VM: Java HotSpot(TM) Client VM (11.2-b01 mixed mode windows-
x86)
  # Problematic frame:
  # C  [nss3.dll+0x34930]
  #
  # An error report file with more information is saved as:
  # D:\projects\yevgeniyg_EMS_5.8\TG1000\EMS\hs_err_pid17900.log
  #
  # If you would like to submit a bug report, please visit:
  #   http://java.sun.com/webapps/bugreport/crash.jsp
  # The crash happened outside the Java Virtual Machine in native
code.
  # See problematic frame for where to report the bug.
  #

So I wonder if there is some way to load symmetric key stored in the
NSS DB via JCA API?

I found the similar question in this newsgroup that is almost 2 years
old:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/3102368d651d5cb1/92b48da59a16a2cc?lnk=gst&q=jss+keystore#92b48da59a16a2cc
- and it seems to suggest using Sun PKCS11 provider with NSS instead.
Unfortunately AFAIK one can not mix Sun PKCS11 NSS provider with JSS
in the same code - and I'm using JSS API for the rest of my
application (due to the limitations in Sun PKCS11 NSS provider) - so
this doesn't seem to be a valid alternative to me...

Thank you in advance,
    Alex Agranov
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to