Ryan,
I agree; while I did not mention RFC 4158, it is a good reference. I
echo your hope that someday, CERT_PKIXVerifyCert/libpkix will provide
additional diagnostic information.
Some of my own observations:
- while a scoring method is useful (and certainly, an "objective" method
is best),
Sean,
The "Path Building" logic/requirements/concerned you described is best
described within RFC 4158, which has been mentioned previously.
As Brian mentioned in the past, this was 'lumped in' with the description
of RFC 5280, but it's really its own thing.
libpkix reflects the union of RFC 415
Le mardi 24 janvier 2012 16:29:05 UTC+1, helpcrypto helpcrypto a écrit :
> Ok guys, just to let you know, now its working. (Again, this list
> deserves my love)
>
> 2 things were happenning:
>
> 1-As Rob Relyea (thx) pointed me, i was doing something wrong: My
> C_Decrypt function was returning 1
On 01/25/2012 12:52 AM, helpcrypto helpcrypto wrote:
Yes, 24 bytes is the length of the key. That key length is different for
different key length. You are supposed to get that length from the encoded
in pkcs #1 format. The underlying decode function should tell you how many
bytes it is returning
hi all,
I tried to get the attributes from a private key (see the following code
piece). But only the CKA_MODULUS and CKA_PUBLIC_EXPONENT can be got, others
(CKA_PRIVATE_EXPONENT etc.) can not be got.
Could you tell me how to solve it?
By the way, I generate rsa key pair without "sensitive"
(PK1
I went looking for the NSS release notes but
http://www.mozilla.org/projects/security/pki/nss/
seems out of date, is that an oversight? Can we get it fixed?
I also looked in the CVS tree and couldn't find a ChangeLog,
release_notes, or relevant README. I'm probably just not looking in the
rig
Part III
On 1/18/2012 4:23 PM, Brian Smith wrote:
Sean Leonard wrote:
>> We do not currently use HTTP or LDAP certificate stores with respect
>> to libpkix/the functionality that is exposed by CERT_PKIXVerifyCert.
>> That being said, it is conceivable that others could use this feature,
>> and
Part II
On 1/18/2012 4:23 PM, Brian Smith wrote:
> Sean Leonard wrote:
>> and no log information.
>
> Firefox has also been bitten by this and this is one of the things
blocking the switch to libpkix as the default mechanism in Firefox.
However, sometime soon I may just propose that we change
> Yes, 24 bytes is the length of the key. That key length is different for
> different key length. You are supposed to get that length from the encoded
> in pkcs #1 format. The underlying decode function should tell you how many
> bytes it is returning (assuming it's decoding pkcs #1 data). That is
I ended up writing a lot of text in response to this post, so, I am
breaking up the response into three mini-responses.
Part I
On 1/18/2012 4:23 PM, Brian Smith wrote:
> Sean Leonard wrote:
>> The most glaring problem however is that when validation fails, such
>> as in the case of a revoked ce
10 matches
Mail list logo
