Thanks David.
For EC, if no curve name is given then the type of keysize is used to
pick either P-256 or P-384 curve. I tried with and without curve name -
it fails both cases.
I also looked into the source code
(.../security/manager/ssl/src/nsCrypto.cpp) of PSM for FF3. The support
for EC seems to be enabled. There are no #ifdef for NS_ENABLE_ECC any
more. I even tried with FF3.5beta - it still does not work.
Actually, the key generation part works but the signing of the public
key does not work. I have verified this through separate key generation
and signing steps.
--
Subrata
David Stutzman wrote:
Subrata Mazumdar wrote:
On further testing and reading the description of
generateCRMFRequest() method doc, I figured out why the key
generation was failing.
I have to pass keySize as integer type not string type.
The key genartion now works for RSA and DSA key types but it still
fails for EC key type.
Is key generation for EC type is supported on Firefox 3.0.10?
EC keys need a curve (for instance the NIST P-256 or P-384 prime
curves), not an integer keysize, so they probably need something
different for that param. Unfortunately, I don't know anything
specific about the generateCRMFRequest() method so I can't tell you
exactly what you need to do. Depending on how the NSS for that
firefox was compiled, it may or may not support ECC at all.
Dave
--
Subrata
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto