should I just call pk11_FindObjectsByTemplate() directly to
get a public key with the given CKA_ID?
Thanks,
Kai
On Thu, Jan 28, 2010 at 7:27 PM, Robert Relyea wrote:
> On 01/28/2010 03:22 PM, Kai Chan wrote:
> > Thank you for clarifying. I was trying to figure out the details fr
), this
value is empty by default for a key object. I suppose in that case I'll
take a look at how NSS is generating this.
Thanks,
Kai
On Thu, Jan 28, 2010 at 1:14 PM, Robert Relyea wrote:
> On 01/28/2010 09:20 AM, Kai Chan wrote:
> > I apologize for the confusion. I was
,
Kai
On Wed, Jan 27, 2010 at 8:40 PM, Robert Relyea wrote:
> On 01/27/2010 03:38 PM, Kai Chan wrote:
> > Hi,
> >
> > From what I gather, keys are generated with matching certificates.
> If you mean 'when keys are generated, they have matching certs', then
> t
Hi,
>From what I gather, keys are generated with matching certificates. If I
reference existing keys in a external PKCS #11 module, I would have to use
their CK_OBJECT_HANDLE. If wanted to be able to reference these external
keys by nicknames, what would I use to generate certificates? Since th
Good deal, thanks.
On Sat, Jan 23, 2010 at 1:38 AM, Wan-Teh Chang wrote:
> 2010/1/18 Kai Chan :
> > Hi,
> >
> > In cert.h
> > (
> http://mxr.mozilla.org/security/source/security/nss/lib/certdb/cert.h#714
> ),
> > there is a line about obsolete functions
The reason I ask is because a lot of things that would be nice to abstract,
like CRL generation, is mainly done in their respective nss/cmd/
directories.
Thanks,
Kai
On Tue, Jan 19, 2010 at 5:02 PM, Kai Chan wrote:
> Hi,
>
> When writing an application that's using NSS certific
Hi,
When writing an application that's using NSS certificate operations, could
you also use helper functions in nss/cmd/lib like those in secutil.c or
write your own since they're kind of not part of the public NSS API?
Thanks,
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.or
n, what are the
workarounds to get the source from .tgz to build?
Thanks,
Kai
On Tue, Jan 19, 2010 at 6:29 AM, David Stutzman <
dstutz.m...@nospam.dstutz.com> wrote:
> On 1/15/2010 4:21 PM, Kai Chan wrote:
>
>> certutil -R -s "CN=ectest, O=ectest, L=ectest, ST=ectest, C=US&
Hi,
In cert.h (
http://mxr.mozilla.org/security/source/security/nss/lib/certdb/cert.h#714),
there is a line about obsolete functions:
**OLD OBSOLETE FUNCTIONS with enum SECCertUsage - DO NOT USE FOR NEW
CODE
And also in certvfy.c (
http://mxr.mozilla.org/security/source/security/nss/lib/certh
n be used? Then the certificate
operations in "Extended ECC" mode require a third-party module? Sorry, I
was confused because I thought both modes were essentially the same, only
that "Basic ECC" only supported the three curves NISTP256, NISTP384, and
NISTP521
On Fri, Jan 15,
Hi,
I take it "Extended ECC" is the additional option of
"NSS_ECC_MORE_THAN_SUITE_B"? I tried NSS 3.12.5 with NSPR 8.2 with only
that option and "NSS_ENABLE_ECC", so it's using softoken. Unfortunately,
still getting the same error. Here's the command again in case I made a
mistake:
certutil -R
h them.
>
> Windows has a tool somewhat akin to this, but its path matching
> algorithm has changed in the past few years and I don't know how to
> determine it there. The tool is 'depends.exe', if I remember right,
> and it's available with the Windows SDK and Windows D
e SEC_OID_UNKNOWN, else I'd
have the "unknown Key or Hash type" error.
I guess I'm confused as to what's causing the error.
Thanks,
Kai
On Thu, Jan 14, 2010 at 5:44 PM, Kai Chan wrote:
> Thank you both for your responses. Yes, you are correct. I've compiled
>
ectest, C=US" -p
"123-456-7890" -o ectest.req -d . -k ec -q nistp256
The result I get is:
certutil: signing of data failed: security library: invalid algorithm
Thanks,
Kai
On Thu, Jan 14, 2010 at 4:49 PM, Wan-Teh Chang wrote:
> 2010/1/14 Kai Chan :
> > Hi,
> >
>
Hi,
NSS has ECDSA with SHA1 enabled in SEC_DERSignData() in secsign.c (
http://mxr.mozilla.org/security/source/security/nss/lib/cryptohi/secsign.c),
but will ECDSA with SHA256 and higher be supported in the future? Or is
this something as simple as adding to the switch statement, since the other
Hi,
I was looking over Tech Note 3 (
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html) about
certificate extensions. Could anyone comment on the new values in
SECCertUsageEnum (certUsageUserCertImport, certUsageProtectedObjectSigner,
certUsageAnyCA) and how they might affect k
12-16 13:07 PST, Kai Chan wrote:
>
> > Is it possible to generate attribute certificates, as specified in RFC
> > 3281, in NSS?
>
> NSS's ASN.1 encoder and decoders are quite capable of encoding and decoding
> them, but no "templates" have yet been created tha
Hi,
Is it possible to generate attribute certificates, as specified in RFC 3281,
in NSS?
Thanks,
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
I downloaded "nss-3.12.3.99.3-1.el5_3.2.src.rpm" from redhat.com and am
trying to build an ECC-enabled RHEL5 rpm with a modified spec file. I
uncomment in "/usr/src/redhat/SPEC/nss.spec:
NSS_ENABLE_ECC=1
export NSS_ENABLE_ECC
just before "# first, build freebl and softokn shared libraries"
operations?
Thanks,
Kai
On Fri, Nov 20, 2009 at 12:37 PM, Wan-Teh Chang wrote:
> 2009/11/20 Kai Chan :
> > I noticed in a lot of the certificate functions
> > (
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslcrt.html#1050532
> ),
> > there is an argument for C
at as NULL?
Thanks,
Kai
On Thu, Nov 19, 2009 at 3:34 PM, Wan-Teh Chang wrote:
> 2009/11/19 Kai Chan :
> > Hi,
> >
> > Is there a way to do certificate operations in NSS without using the
> > cert8.db?
>
> Yes, you can initialize NSS with NSS_NoDB_Init(NULL).
> T
Ah, noobtastic... Thank you for reminding me to check shared library
dependencies.
On Thu, Nov 19, 2009 at 3:30 PM, Wan-Teh Chang wrote:
> 2009/11/19 Kai Chan :
> > Hi,
> >
> > I'm using NSS 3.12.4 with NSPR 4.8 release. I want to generate keys and
> > ce
ut I was hoping anyone could confirm that
this is a viable and "standard" way of modifying NSS to use a third-party
cryptographic module and, if not, could point me in the right direction.
On Thu, Nov 19, 2009 at 2:54 PM, Kai Chan wrote:
> Hi,
>
> Is there a way to do certificate o
I retrieved the file from the Mozilla FTP site:
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/src/
I guess I'll try the source from the CVS repository.
Thanks,
Kai
On Thu, Nov 19, 2009 at 2:49 PM, Nelson B Bolyard wrote:
> On 2009-11-19 10:17 PST, Kai Ch
Hi,
Is there a way to do certificate operations in NSS without using the
cert8.db? I was looking at a post at mail-archive.com (
http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg00245.html)
that suggested all this would now be internal to the PKCS #11 module,
removing dependence o
Hi,
I'm using NSS 3.12.4 with NSPR 4.8 release. I want to generate keys and
certs with the basic supported ECC curves (nistp256, nistp384, nistp521)
included when NSS is compiled with the "NSS_ENABLE_ECC" flag. However, when
I try using certutil to generate certificates using the basic NIST curv
Hi,
I'm using NSS 3.12.4 with NSPR 4.8 release on Fedora 10. I want to generate
keys and certs with the basic supported ECC curves (nistp256, nistp384,
nistp521) included when NSS is compiled with the "NSS_ENABLE_ECC" flag. I
would greatly appreciate it if one could point out anything missing or
Hi,
I'm using NSS 3.12.4 with NSPR 4.8 release from the Mozilla FTP site on
Fedora 10. I'm interested in generating keys and certs with the basic NIST
curves (nistp256, nistp384, nistp521) included in the softoken
implementation when NSS is compiled with the "NSS_ENABLE_ECC" flag. I would
greatl
28 matches
Mail list logo