Re: ECDSA certs?

2008-08-25 Thread Momcilo Majic
Thank you. Julien R Pierre - Sun Microsystems wrote: > Momcilo, > > Momcilo Majic wrote: > >> - What is the reason for intentional breaking of build with >> NSS_ECC_MORE_THAN_SUITE_B ( #error)? (is it safe to override this?) > > No, it's not safe to override. You will get a broken build for ECC

Re: ECDSA certs?

2008-08-25 Thread Julien R Pierre - Sun Microsystems
Momcilo, Momcilo Majic wrote: > - What is the reason for intentional breaking of build with > NSS_ECC_MORE_THAN_SUITE_B ( #error)? (is it safe to override this?) No, it's not safe to override. You will get a broken build for ECC. This is why the #error is there. You can check out the ecl-curve

Re: ECDSA certs?

2008-08-25 Thread Momcilo Majic
I've checked for ifdef on ifndef of NSS_ECC_MORE_THAN_SUITE_B. They are located in several .h and .c files: - sslimpl.h - sslcon.c - ssl3ecc.c - ssl3con.c - softkver.h - secsign.c - p7decode.c - nss.h - fipstest.c - ecl-curve.h - ecl.c - cmssiginfo.c - certutil.c Manual patching of files of intere

Re: ECDSA certs?

2007-01-13 Thread Kaspar Brand
[re-sent through different SMTP host, since the first one was rejected] Nelson B wrote: >> In those, I get "certutil: signing of data failed: security library: >> invalid algorithm.". For the rest, I get ": An I/O error occurred >> during security authorization." > > Sounds like something isn't

Re: ECDSA certs?

2007-01-12 Thread Nelson Bolyard
Paul Hoffman wrote: >> Sounds like something isn't right. Those 3 curves definitely work in >> SSL/TLS. > > OK, how do I figure out what "isn't right". If there is a debugging > mode I can turn on during the build, that's fine. See my list of make variables in news://news.mozilla.org:23/[EMAIL

Re: ECDSA certs?

2007-01-12 Thread Paul Hoffman
At 10:51 AM -0800 1/12/07, Nelson B wrote: Some of those names are synonyms. Yup, understood. OTOH, this creates the impression that we support twice as many curves as we really do. It caused our QA department to do twice as much testing as needed. So, I invite input on the desirability / w

Re: ECDSA certs?

2007-01-12 Thread Nelson B
Paul Hoffman wrote: > At 6:33 AM -0500 1/12/07, David Stutzman wrote: >> I got that error trying to do a keygen myself when the security >> database didn't have a master password set. >> >> reference: >> http://groups-beta.google.com/group/mozilla.dev.tech.crypto/browse_frm/thread/f8870108996c4b

Re: ECDSA certs?

2007-01-12 Thread Paul Hoffman
At 6:33 AM -0500 1/12/07, David Stutzman wrote: Paul Hoffman wrote: : An I/O error occurred during security authorization. More clues? I got that error trying to do a keygen myself when the security database didn't have a master password set. reference: http://groups-beta.google.com/group

Re: ECDSA certs?

2007-01-12 Thread David Stutzman
Paul Hoffman wrote: : An I/O error occurred during security authorization. More clues? I got that error trying to do a keygen myself when the security database didn't have a master password set. reference: http://groups-beta.google.com/group/mozilla.dev.tech.crypto/browse_frm/thread/f88701

Re: ECDSA certs?

2007-01-11 Thread Wan-Teh Chang
David Stutzman wrote: I gleaned this from a presentation by a Microsoft employee at the Certicom ECC Conference: ECC Details in Vista • Using implementation from MS Research • NIST ECC prime curves support – P-256, P-384, P-521 • ECDSA: Signature • ECDH: Secret agreement • Not Suppo

Re: ECDSA certs?

2007-01-11 Thread Paul Hoffman
At 9:20 AM -0800 1/11/07, Nelson B wrote: Paul Hoffman wrote: Is there a list of these somewhere? Not to my knowledge. That's why I wrote that list in previous email. Ah. Thanks for that then! > I am particularly interested in what NSS_ECC_MORE_THAN_SUITE_B does, It is incomplete. Do

Re: ECDSA certs?

2007-01-11 Thread David Stutzman
Nelson B wrote: You need to specify the curve with "-q curvename" See output of certutil -H for a list of curve names. Unfortunately, that list is wrong. It includes many curve names that are not implemented presently. There are only 3 available right now. They're the same ones used by Microsoft

Re: ECDSA certs?

2007-01-11 Thread Nelson B
Paul Hoffman wrote: > Is there a list of these somewhere? Not to my knowledge. That's why I wrote that list in previous email. > I couldn't find any documentation on this with grep. > > I am particularly interested in what NSS_ECC_MORE_THAN_SUITE_B does, It is incomplete. Doesn't work in its

Re: ECDSA certs?

2007-01-11 Thread Paul Hoffman
Closer, but still not there. After building with NSS_ENABLE_ECC=1, I tried again. # certutil -R -s "CN=ECDSA" -o ecdsareq.req -k ec A random seed must be generated that will be used in the creation of your key. One of the easiest ways to create a random seed is to use the timing of keystrokes

Re: ECDSA certs?

2007-01-11 Thread Paul Hoffman
At 3:50 PM -0800 1/10/07, Nelson Bolyard wrote: Paul Hoffman wrote: Numerous optional features of NSS builds are controlled through make variables. Make variables may be set on the gmake command line, e.g. gmake variable=value variable=value target1 target2 or defined in the environment, e.g.

Re: ECDSA certs?

2007-01-10 Thread Nelson Bolyard
Paul Hoffman wrote: > At 12:47 PM -0800 1/8/07, Nelson B wrote: >> Paul Hoffman wrote: >>> At 9:41 AM -0800 1/8/07, Nelson B wrote: Paul Hoffman wrote: > Greetings. I'm running NSS 3.11.4 and would like to write / read ECDSA > certificates. Does the current version support ECDSA? I

Re: ECDSA certs?

2007-01-10 Thread Paul Hoffman
At 12:47 PM -0800 1/8/07, Nelson B wrote: Paul Hoffman wrote: At 9:41 AM -0800 1/8/07, Nelson B wrote: Paul Hoffman wrote: Greetings. I'm running NSS 3.11.4 and would like to write / read ECDSA certificates. Does the current version support ECDSA? I have no problem creating, for example,

Re: ECDSA certs?

2007-01-08 Thread Paul Hoffman
At 12:47 PM -0800 1/8/07, Nelson B wrote: ECC is an optional feature of NSS. NSS can be built with or without ECC. You must have a build that was built without ECC. Did you build it yourself? No, I was using the pre-built FreeBSD port. I'm now trying to coax that port into building from sour

Re: ECDSA certs?

2007-01-08 Thread Nelson B
Paul Hoffman wrote: > At 9:41 AM -0800 1/8/07, Nelson B wrote: >> Paul Hoffman wrote: >>> Greetings. I'm running NSS 3.11.4 and would like to write / read ECDSA >>> certificates. Does the current version support ECDSA? I have no >>> problem creating, for example, DSA cert requests, but trying to us

Re: ECDSA certs?

2007-01-08 Thread Paul Hoffman
At 9:41 AM -0800 1/8/07, Nelson B wrote: Paul Hoffman wrote: Greetings. I'm running NSS 3.11.4 and would like to write / read ECDSA certificates. Does the current version support ECDSA? I have no problem creating, for example, DSA cert requests, but trying to use "-k ecdsa" fails with: cert

Re: ECDSA certs?

2007-01-08 Thread Nelson B
Paul Hoffman wrote: > Greetings. I'm running NSS 3.11.4 and would like to write / read ECDSA > certificates. Does the current version support ECDSA? I have no > problem creating, for example, DSA cert requests, but trying to use > "-k ecdsa" fails with: >certutil -k: ecdsa is not a recognized

ECDSA certs?

2007-01-07 Thread Paul Hoffman
Greetings. I'm running NSS 3.11.4 and would like to write / read ECDSA certificates. Does the current version support ECDSA? I have no problem creating, for example, DSA cert requests, but trying to use "-k ecdsa" fails with: certutil -k: ecdsa is not a recognized type.