Does having this enabled violate the FIPS 140 requirements on exposing key
materials in the clear?
Sincerely,
Jonathan
-Original Message-
From: dev-tech-crypto
[mailto:dev-tech-crypto-bounces+schulze-hewett=infoseccorp@lists.mozilla.org]
On Behalf Of Ryan Sleevi
Sent: Tuesday, Jul
On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote:
> Is there any documentation available for '--extSAN' parameter? Mr.
> Google did not find any helpful resource.
Look at the help output that certutil produces with the -H command:
--extSAN type:name[,type:name]...
Create a Sub
--On July 16, 2014 17:32:22 +0200 Kai Engert wrote:
> On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote:
>> Is there any documentation available for '--extSAN' parameter? Mr.
>> Google did not find any helpful resource.
>
> Look at the help output that certutil produces with the -H com
On 07/16/2014 07:31 AM, Jonathan Schulze-Hewett wrote:
Does having this enabled violate the FIPS 140 requirements on exposing key
materials in the clear?
No, because the key logging fails if you are in FIPS mode (It used the
PK11_ExtractKeyValue() to get the key, which will return an error in
On 07/15/2014 08:05 PM, Chuck Lee wrote:
Yes, but it doesn't work because it also calls
PK11_ExportPrivKeyInfo() to get the RSA private key info.
Now I am trying to decrypt key exported by
PK11_ExportEncryptedPrivKeyInfo() with method
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 directly,
於 2014/7/17 上午 06:41, Robert Relyea 提到:
On 07/15/2014 08:05 PM, Chuck Lee wrote:
Yes, but it doesn't work because it also calls
PK11_ExportPrivKeyInfo() to get the RSA private key info.
Now I am trying to decrypt key exported by
PK11_ExportEncryptedPrivKeyInfo() with method
SEC_OID_PKCS12_
When it comes to key material, it's an outstanding idea to err on the
side of caution.
Does anyone actually require this feature in a non-debug build? If not,
then it's completely unreasonable to leave it in such builds, even if
it's not the weakest link and even if it doesn't break compliance.
7 matches
Mail list logo