Hello,
your issue is not obvious to me. I suggest you try turning on the PKCS
# 11 Module logger
see:
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html
comparing the Signing/Verifying to the unsuccessful wrap/unwrap.
Although your code (assuming various assumptions) appears
Hi David,
did you provide JSS with the string sql like you did with certutil -
d sql:.
or did could just set the environment variable NSS_DEFAULT_DB_TYPE=sql
and then you will not have to specify sql.
https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables
-glen
On Feb 1,
morris.d...@gmail.com wrote:
I ran into issues creating the secmod database:
before moving on to Java/SunPKCS11-NSSFIPS issue you should first get
your configuration correct
so that running the modutil command will work correctly. Copying the
databases from a working system to
a
morris.d...@gmail.com wrote:
Initializing SunPKCS11 for utilization of NSS 3.11.4 capabilities
yields the following exception:
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.init(SunPKCS11.java:183)
at
I ran into issues creating the secmod database:
* Steps taken on the first Windows XP Professional Version 2002 SP2
box
1) certutil -N -d . ran fine, created the three database files with
a strong password
2) modutil -fips true -dbdir . failed, with error:
An I/O error occurred during security
On 9/3/09 4:24 PM, Glen Beasley wrote:
On 9/3/09 11:23 AM, Nelson B Bolyard wrote:
On 2009-09-03 02:23 PDT, Amine wrote:
Well, I'll try to be very precise this time.
I am writing a little Java program that uses an NSS Internal PKCS#11
Module for signing. Am using Win XP, service pack 3
hi,
What is the debug assertion message? While you may not get the assertion in
optimize build, it may be an issue that needs to be addressed.
Also, please specify what versions you're using.
Meaning I am trying to build JSS 4.3, NSS 3.12.4, NSPR 4.8 using Visual
C++ 6.0
and Java 6.
To build
yanlin wrote:
Hi,
I am trying to locate the nss 3.12.4 or 3.12.3 RTM binary for all
platforms. Nss 3.11.4 rtm has all binaries in the ftp site but for
3.12.x there is only src dir and all binaries are missing. I'd like
to know where to find these binaries or is there any commercial
support
)
SEC_OID_X509_ANY_POLICY
* The nssckbi PKCS #11 module's version changed to 1.75.
* Support for win16 has been removed.
* Support for OpenVMS has been removed.
-Glen Beasley
smime.p7s
Description: S/MIME Cryptographic Signature
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https
Tony wrote:
On Aug 5, 10:58 pm, Nelson B Bolyard nel...@bolyard.me wrote:
On 2009-08-05 18:20 PDT, Tony wrote: JSS 4.3 download links appear broken.
Tried HTTP and FTP. Any thoughts?
What JSS 4.3 download links? Where?
https://developer.mozilla.org/En/JSS/4_3_ReleaseNotes
the
hi,
When you do a Google search for NSS, JSS, or NSPR the first pages you
find are the original www.mozilla.org pages:
http://www.mozilla.org/projects/security/pki/nss/
http://www.mozilla.org/projects/security/pki/jss/
http://www.mozilla.org/projects/nspr/
we are starting to have more
agentma...@hotmail.com wrote:
Hi,
I created the db and added a certificate using these commands:
./certutil -N -n servercert -x -t TCu,TCu,TCu -s CN=TestCA,
OU=Test, O=Test, L=Some City, ST=CA, C=US -m 2 -d /tmp -f passfile
./certutil -S -n servercert -x -t TCu,TCu,TCu -s CN=TestCA,
OU=Test,
agentma...@hotmail.com wrote:
Hi,
I am trying to run the following example code for Mozilla-JSS provider
but it always gives:java.security.InvalidKeyException: Key is not the
right type for this algorithm for init function. The same code runs
perfectly fine with Sun default provider.
I took
agentma...@hotmail.com wrote:
Hi,
I am trying to run the following example code for Mozilla-JSS provider
but it always gives:java.security.InvalidKeyException: Key is not the
right type for this algorithm for init function. The same code runs
perfectly fine with Sun default provider.
I took
hello,
We need to set a date for 3.12.4 RTM, so the lab can officially run the
algorithm tests and submit their results. I would like to provide the
lab an update after the Thursday Mozilla-dev meeting on when we expect
the official date to be.
Please review your bugs that would require
hi,
Looking at the bottom of this stack trace:
J java.lang.ref.Finalizer.invokeFinalizeMethod(Ljava/lang/Object;)V
J java.lang.ref.Finalizer.runFinalizer()V
J java.lang.ref.Finalizer$FinalizerThread.run()V
Called by the garbage collector on an object when garbage collection determines
Glen Beasley wrote:
hi,
Looking at the bottom of this stack trace:
J java.lang.ref.Finalizer.invokeFinalizeMethod(Ljava/lang/Object;)V
J java.lang.ref.Finalizer.runFinalizer()V
J java.lang.ref.Finalizer$FinalizerThread.run()V
Called by the garbage collector on an object when garbage
John Smith wrote:
Hi:
*Glen*: Wow, you managed to match that bug to my problem, even though
the test numbers are totally different (as per what Nelson said)! Its
not terribly important that all tests pass for my purposes, so I think
I will wait for 3.12.4. Do you have a rough idea of
Nelson B Bolyard wrote:
Glen Beasley wrote, On 2009-05-11 14:01:
John Smith wrote:
Hi:
*Glen*: Wow, you managed to match that bug to my problem, even though
the test numbers are totally different (as per what Nelson said)! Its
not terribly important that all tests pass for my
Nelson B Bolyard wrote:
John Smith wrote, On 2009-05-07 15:00 PDT:
I downloaded the NSS 3.12.3 and NSPR 4.7.4 source code and was running
the provided test suite. However, test #537 (part of Cache CRL SSL
Client Tests) gets stuck (all previous tests pass according to
results.html), and I
ksreedha...@gmail.com wrote:
Hello,
I am using JSS 4.2.5, NSS 3.11.4, NSPR 4.6.4.
If I use the binaries downloaded from
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/
and
and then have that NSS release pass it's own FIPS validation. I'm just
stating the obvious, you're likely just building NSS 3.11.4 for
debugging purposes.
-glen
I suspect I am doing something wrong during NSS/NSPR building.
Thanks,
Sreedhar
On Apr 27, 10:11 am, Glen Beasley glen.beas...@sun.com wrote
ksreedha...@gmail.com wrote:
On Apr 24, 10:03 am, Wan-Teh Chang w...@google.com wrote:
On Thu, Apr 23, 2009 at 1:51 PM, ksreedha...@gmail.com wrote:
Hello,
I am using Mozilla JSS provider from Java.
JSS 4.2.5
NSS 3.11.4
NSPR 4.6.4
When the FIPS RNG continuous
with option -o (Override bad server cert), it works fine.
The certificate wes used is a Self signed certificate. So, probably
tstclnt didn't like it.
One more thing is, OpenSSL based c client is able to communicate with
server successfully.
Thanks,
Sreedhar
On Apr 2, 4:52 pm, Glen Beasley glen.beas
hi,
can you successfully connect to your server using JSSE with it's
default provider? meaning
not using mozilla-JSS as the provider?
I know you have used ssltap can you use NSS tool tstclnt?
tstclnt -h hostname -p port -d your nss cert db dir -v -2 -3 -c v
If you want full client auth
alex.agra...@gmail.com wrote:
I wonder how is it possible to load symmetric key that is stored
inside the NSS DB via JSS API? I tried using KeyStore JCA class (as in
org.mozilla.jss.tests.KeyStoreTest example):
KeyStore ks = KeyStore.getInstance(Mozilla-JSS);
but it turns out that
David Stutzman wrote:
I'm in the process of porting over certificate path building code from
using Sun's API to using JSS as we are gradually migrating all of our
crypto over to JSS/NSS. I'm running some testing with
CryptoManager.buildCertificateChain(X509Certificate leaf).
If I grab a cert
marcelino jr esguerra wrote:
wow! thanks for all the help. I've successfully build it now. But then
again, how do i use pk11mode in testing pkcs?
The goal of pk11mode is to test every function entry point of the PKCS11
api that NSS provides at least once.
Once you built NSS set your path to
David Stutzman wrote:
(How) Is it possible to set a connection timeout for a JSS SSLSocket?
http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLSocket.html
None of the constructors have a connection timeout and
SSLSocket.setSoTimeout(int timeout) can only be
David Stutzman wrote:
Glen Beasley wrote:
you can code the same pretty print functionality but there is no
existing function that
duplicates certutil -l -n.
You can start with
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCerts.java
Which currently outputs
David Stutzman wrote:
Is there a way to pretty print a certificate using JSS? I know NSS
has the functionality based on output from certutil -L -n nickname.
you can code the same pretty print functionality but there is no
existing function that
duplicates certutil -l -n.
You can start with
Nelson B Bolyard wrote:
Sreedhar Kamishetti wrote on 2009-01-29 16:28 PST:
I just started to use JSS/NSS. So, if hope some one will reply to this
post.
We use SSL_DH_anon_WITH_3DES_EDE_CBC_SHA” as cipher suite for
communication between SSL Peers. Client is in Java and Server is in C
On 1/19/09 6:30 PM, ksreedha...@gmail.com wrote:
On Jan 15, 10:53 am, Glen Beasleyglen.beas...@sun.com wrote:
ksreedha...@gmail.com wrote:
On Jan 14, 10:21 am, Glen Beasleyglen.beas...@sun.com wrote:
Sreedhar Kamishetti wrote:
Hello,
I just started
ksreedha...@gmail.com wrote:
On Jan 14, 10:21 am, Glen Beasley glen.beas...@sun.com wrote:
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one point me to the API provided by JSS for running Power Up
and Conditional Self Tests for various
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one point me to the API provided by JSS for running Power Up
and Conditional Self Tests for various cryptographic modules/algorithms?
JSS is a JAVA interface to NSS; basically a JNI wrapper for NSS. JSS in
alex.agra...@gmail.com wrote:
FYI - I submitted a patch that fixes the problem.
See https://bugzilla.mozilla.org/show_bug.cgi?id=470982 for details.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On 10/29/08 07:05, Dean wrote:
Hi folks,
I was hoping somebody could confirm or correct my understanding of
which version of NSS is FIPS certified.
As I unserstand from
https://wiki.mozilla.org/FIPS_Validation
Softokn version 3.11.4 is the most recent FIPS certified version.
And this is a
hi,
The Root Cert are stored in the PKCS #11 module that is loaded from the
library libnssckbi.so.
The default location for libnssckbi.so is the same directory with your
NSS databases cert8.db, key3.db, and secmod.db. It's
best to just copy libnssckbi. so to this directory with your NSS
Georges Martin wrote:
Hello, I'm searching for help in building JSS for MacOS X 10.5.
I've successfully built NSS 3.12, with MOZ_DEBUG_SYMBOLS set or not,
but always get a ld: symbol(s) not found whenever I try to build JSS,
as shown below.
Any clues ? :-)
TIA,
Georges Martin
$ make
hi David,
For JSS with SSLServerSocket if you want to do a reconnect because your
orginal cert you configured has expired
is now INVALID you would have to re-call setServerCert or
setServerCertNickname first and configure the new cert.
For the JSS SSLSocket client connection you have the
Marcin T wrote:
Hi
I finally discovered what is the issue here. In appears that in case
of unsigned applets, the code is unable to access SunJCE provider
You need to spend your time on signing the applet correctly.
You really don't want to get unsigned applets working by modifying your
hi Martin,
As this is not a JSS/NSS/NSPR issue.
Please read:
http://java.sun.com/javase/6/docs/technotes/guides/plugin/
If you have more questions on signing applets I believe your best source
expert information is
to ask in this forum:
http://forums.sun.com/forum.jspa?forumID=63start=0
hi,
You only need to install JSS if your applet or the applet you want to
use requires JSS.
Getting the following URL (you specified) to display correctly over SSL
in FF3 does not require JSS
https://www.java.com/en/download/help/testvm.xml
The SSL connection and applet do not use JSS, so
hi,
JSS 4.3 beta requires NSS 3.12 because it is calling new API that was
introduced in NSS 3.12.
JSS 4.2.5 should be able to use NSS 3.12 and have no compatibiltity issues.
You don't state the actual error you're seeing.
Could you send me a private version of your applet and instructions on
hello,
Can you ensure that your installation has the .chk files in the same
directory as
their corresponding dlls. meaning libfreebl3.chk libsoftokn3.chk need
to be with libfreebl3.dll libsoftokn3.dll.
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/
hi,
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/
google: JSS java applet
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.html
google: firefox java applet
http://kb.mozillazine.org/Java
-glen
joshuaaa wrote:
On Jun 11, 10:04 am,
hi,
you're welcome to create a bug, and JSS is open source so you're also
more than welcome to
provide the suggest code change for review.
Also, if you do find the actual documentation that states required by the
JCE specification please include the link in the bug report.
thanks,
glen
Dean
hello Abraham,
please open a bug on JSS. Attach stack trace, test program and steps to
recreate.
https://bugzilla.mozilla.org/enter_bug.cgi?product=JSS
I will try to look at your issue then.
Could I avoid the applet to use the new dll's on
%ProgramFiles%/Mozilla Firefox/ and use the old
hi,
cannot you not just build the binaries yourself?
http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-release-notes.html#docs
http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html
cvs co -r NSPR_4_7_1_RTM mozilla/nsprpub
cvs co -r NSS_3_12_RTM
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glen Beasley
Sent: Wednesday, June 04, 2008 18:15
To: mozilla's crypto code discussion list
Subject: Re: Cannot encrypt cipher via pkcs11 in nss fips mode
hello,
Your chosen set of operations to be performed is: DESede/CBC/NoPadding
DESede
but does
Best Regards,
Yevgeniy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glen Beasley
Sent: Wednesday, June 04, 2008 18:15
To: mozilla's crypto code discussion list
Subject: Re: Cannot encrypt cipher via pkcs11 in nss fips mode
hello,
Your chosen
://mxr.mozilla.org/security/source/security/nss/lib/freebl/ecl/ecl-curve.h
JSS assumes you know which ECC version of NSS you're using.
The basic ECC version of NSS only provides:
NIST_P256, NIST_P384, and NIST_521.
-glen
Bill Price
Glen Beasley[EMAIL PROTECTED] wrote in message
news:[EMAIL
Dean wrote:
Hi folks,
I've been trying to use the JSS APIs to encrypt and decrypt data using
an RSA Cipher
JSS supports RSA for signing (and signature verification) and for
wrapping and unwrapping keys (encrypting and decrypting keys), but not
for encrypting or encrypting of data.
JSS only
Bill Price wrote:
It appears that JSS supports elliptic curve signatures. If so, are there any
documents describing parameters/options or code samples available. Also,
what JSS versions support EC? Thanks.
There is no JSS documentation, but you can view code samples in the JSS
tests
Conclusion is that nss jss in mixed builds (win9x and winnt) can't work
together nicely.
If you consider this a bug I am going to report it.
Thanks for the detail analysis and your conclusion is correct, but the
fact the win9x and winnt builds
don't work together nicely is expected
charan wrote:
I want to know whether there is any platform independent way to
initialize and add certificates to cert7.db
I do hope you mean cert8.db since cert7.db has been obsolete for several
years.
JSS requires NSPR/NSS. your java code is platform independent with the
understanding
hi,
I was not able to recreate this issue. I only tested on Solaris, I'll
try other platforms
when I have time. If you still have this issue, please create a bug and
provide as much info as possible.
thanks,
glen
Matej Spiller-Muys wrote:
Hi,
can someone please confirm the following bug.
hello,
JSS is open source and you're capable of building (also contributing
to) JSS yourself.
Please build the WIN95 version yourself.
We provide some binary releases, as a courtesy, to ftp.mozilla.org but
we cannot
provide all releases, nor all variants of all platforms that can be
Abraham wrote:
Hi,
I've downloaded the jss latest version (.jar 4.2.5, windows), but the sign
appears as caduced (older version too). Is this so?
I'm not quite sure what caduced means but I think you're stating that
if you
run jarsigner -verify jss4.jar you get:
jar verified.
Warning:
Diego Zanga wrote:
Lo
is there a guide or a complete howto to connect
pkcs storage of firefox from java?
no, but if anybody has time to write one, please do!
many people have managed to do this by combining information from
various existing documentation
on applets and JSS.
Abraham wrote:
Hi all,
I'm using an applet to sign digital documents. The applet code uses jss
classes and can load firefox keystore without problems configuring user
system as this reference explains:
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.html
hi David,
you should file two bugs:
JSS has different Salt size than NSS for PBE
NSS appears to only handle PBE_SHA1_DES3_CBC for PKCS12
I will try to work on the bugs shortly.
thanks,
glen
David Stutzman wrote:
David Stutzman wrote:
I'm generating keys in the softoken and then
Nelson B wrote:
Abraham wrote:
I have a problem with client authentication when I try to run an applet. The
java plugin requires authentication but shows me a empty list (i suppose it
can´t load firefox keystore). Importing certificates with Java Control Panel
isn´t a solution because i
hi,
we support RHEL4 and nightly QA and tinderbox tests on the platform.
http://tinderbox.mozilla.org/showlog.cgi?log=NSS/1188333120.16322.gzfulltext=1
David Stutzman wrote:
Wan-Teh,
Thanks for all the advice. I checked out and compiled JSS 4.2.5 along
with NSS 3.11.4 and NSPR 4.6.4.
[EMAIL PROTECTED] wrote:
Hi,
there is already a topic which deals with the problem:
http://osdir.com/ml/mozilla.crypto/2005-07/msg00034.html
Unfortunately the code doesn't work. Here's what I did:
I used the source code glen beasley posted.
My pkcs11.cfg looks like this:
name=NSSSofToken
David Stutzman wrote:
Robert Relyea wrote:
The JSS method to create this is:
SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes,
SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[]
messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
[EMAIL PROTECTED] wrote:
Does anyone know, how to export an Certificate to PKCS12 with JSS.
I have found a Code-Sample, but this doesnt work, because the Metho
privateKey.getEncoded() allways returns null.
most private keys store on a token do not support encoding and therefore
null is
,
glen
Anders
- Original Message -
From: Wan-Teh Chang [EMAIL PROTECTED]
To: dev-tech-crypto@lists.mozilla.org
Sent: Monday, May 14, 2007 18:46
Subject: Re: Can't find JSS 4.x
Glen Beasley wrote:
Anders Rundgren wrote:
http://www.mozilla.org/projects/security/pki
Anders Rundgren wrote:
http://www.mozilla.org/projects/security/pki/jss/
The links to the newer releases appear dead.
ftp://ftp.mozilla.org/pub/mozilla.org/security/jss/releases/JSS_4_2_RTM/
works okay for me? We should be putting JSS 4_2_5 up soon.
A question: If you would do a Firefox
Ash wrote:
On Apr 20, 2:30 pm, Gervase Markham [EMAIL PROTECTED] wrote:
Nelson B wrote:
But I have no idea what version of NSS was used in that version of FF,
and I know of no way to find out, other than to download and install that
version of FF, and then inspect the NSS files to
Dennis Sinelnikov wrote:
Hello,
Is there a way to open more than 1 NSS truststore using JSS?
Specifically, within the same lifecycle of the java application.
At this time no. The database NSS currently uses, can't be used by
multiple processes.
The multiaccess database feature is
Gervase Markham wrote:
I've been feeling my way around the JSS API. The Using JSS document,
the FAQ and the test code are (just) enough to get going. But I've come
across several points where the API seems really low-level. I was
wondering if I've missed something?
I can go through the
Glen Beasley wrote:
Gervase Markham wrote:
I've been feeling my way around the JSS API. The Using JSS document,
the FAQ and the test code are (just) enough to get going. But I've come
across several points where the API seems really low-level. I was
wondering if I've missed something
Jana Nguyen wrote:
Hi,
I've been using the NSS pkcs12util to get the credential out of the
browser in pkcs12 format. But I now need to get the public and
private key out of pkcs12 and into PEM format. Is this possible
with mozilla tool out there?
Or is it possible for NSS tool to get
Hello Jesús,
What output do you get in the java console related to JSS?
After installing the JSS package you also have to go to Java control
panel, Advanced tab, under security, check on the box:
Use certificate and keys in browser keystore.
Igor Delacroix wrote:
Good Day to All
I'm added manually on secmoddb the driver of Aladdin and Rainbow tokens.
when a try do list all tokens inserted i receive just the rainbow tokens.
I'm using jss 4
somebody already had this problem?
what has been done?
Thanks in advance
Igor Delacroix
could you please create a JSS bug.
https://bugzilla.mozilla.org/enter_bug.cgi?product=JSS
and enter as much info as possible. Note JSS is open source, since you
have also used NSS, you're welcome to contribute.
-glen
David Stutzman wrote:
I am having basically the same problem as posted by
David Stutzman wrote:
shinigami wrote:
Hi,
E want install a cert in a db. But my cert when i receive from
outside is a java.security.cert.X509Certificate, and the method
importCertToPerm can´t do it. I need to cast this cert to
org.mozilla.jss.crypto.X509Certificate. Or exist other way to do
Sandeep Konchady wrote:
Hello,
Could you please post the code that you are using to delete cert.
Also is there any particular reason for not wanting to upgrade. The
latest in the JSS 3.x is 3.11.1. This has a few critical fixes which
you may want to consider.
Thanks,
Sandeep
DB wrote:
79 matches
Mail list logo