alex.agra...@gmail.com wrote:
I wonder how it is possible to load a symmetric key that is stored
inside the NSS DB via the JSS API? I tried using the KeyStore JCA class (as in
the org.mozilla.jss.tests.KeyStoreTest example):

  KeyStore ks = KeyStore.getInstance("Mozilla-JSS");

but it turns out that JSSProvider doesn't register the JSSKeyStoreSpi
class at all and therefore the "Mozilla-JSS" instance of KeyStore doesn't
exist.
I tried fixing this by adding the following line to the JSSProvider class:

  put("KeyStore.Mozilla-JSS",
"org.mozilla.jss.provider.java.security.JSSKeyStoreSpi");

But even though "getKey" API seemed to work fine, I got the following
exception when trying to use this key to init the cipher:

This is not supported:
http://www.mozilla.org/projects/security/pki/jss/provider_notes.html#not-supported

  encryptCipher.init(Cipher.ENCRYPT_MODE, key, params);

  # An unexpected error has been detected by Java Runtime Environment:
  #
  #  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x19ea4930, pid=17900, tid=10928
  #
  # Java VM: Java HotSpot(TM) Client VM (11.2-b01 mixed mode windows-x86)
  # Problematic frame:
  # C  [nss3.dll+0x34930]
  #
  # An error report file with more information is saved as:
  # D:\projects\yevgeniyg_EMS_5.8\TG1000\EMS\hs_err_pid17900.log
  #
  # If you would like to submit a bug report, please visit:
  #   http://java.sun.com/webapps/bugreport/crash.jsp
  # The crash happened outside the Java Virtual Machine in native code.
  # See problematic frame for where to report the bug.
  #

So I wonder if there is some way to load a symmetric key stored in the
NSS DB via the JCA API?

Not using the JCA API/Mozilla-JSS provider, but you can use JSS's KeyManager class:

http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/SecretDecoderRing/KeyManager.html#lookupKey(org.mozilla.jss.crypto.EncryptionAlgorithm,%20byte[])

Now that NSS 3.12 has the Certificate and Key shareable database, I need to revisit
the Mozilla-JSS provider supporting JCA KeyStore.


-glen




-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
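
The KeyManager route named in the reply above, as an added example (not code from the thread or from the JSS project): it finds a token-resident key by its key ID with lookupKey() and uses it through JSS's native Cipher instead of the JCA KeyStore path. The class name, the two command-line arguments (NSS DB directory, token password) and the sample plaintext are assumptions; because the example creates a permanent 3DES key as a stand-in for the stored key, point it at a scratch database.

```java
import javax.crypto.SecretKey;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.SecretDecoderRing.KeyManager;
import org.mozilla.jss.crypto.Cipher;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.IVParameterSpec;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.SecretKeyFacade;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.util.Password;

// Hypothetical class name; args are assumptions: <NSS DB dir> <token password>.
public class LookupStoredKey {
    public static void main(String[] args) throws Exception {
        CryptoManager.initialize(args[0]);
        CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
        token.login(new Password(args[1].toCharArray()));

        KeyManager km = new KeyManager(token);
        // Stand-in for the key already in the DB: create a permanent 3DES key
        // and keep only its key ID, which is what lookupKey() searches by.
        byte[] keyId = km.generateKey(KeyGenAlgorithm.DES3, 0);

        EncryptionAlgorithm alg = EncryptionAlgorithm.DES3_CBC_PAD;
        SecretKey found = km.lookupKey(alg, keyId);
        if (found == null) {
            throw new IllegalStateException("no key with that ID on the token");
        }
        // lookupKey() returns a SecretKeyFacade; JSS's native Cipher takes the
        // SymmetricKey it wraps.
        SymmetricKey key = ((SecretKeyFacade) found).key;

        byte[] iv = new byte[8]; // 3DES block size
        new java.security.SecureRandom().nextBytes(iv);
        byte[] plain = "constructed sample text".getBytes("UTF-8");

        Cipher enc = token.getCipherContext(alg);
        enc.initEncrypt(key, new IVParameterSpec(iv));
        byte[] ct = enc.doFinal(plain);

        Cipher dec = token.getCipherContext(alg);
        dec.initDecrypt(key, new IVParameterSpec(iv));
        if (!java.util.Arrays.equals(plain, dec.doFinal(ct))) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("round trip OK, ciphertext bytes: " + ct.length);
    }
}
```

For a key that already exists in the database, skip generateKey() and pass that key's ID to lookupKey().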
