I was trying to use the certutil tool (from nss-3.11.4) to create a
certificate with an elliptic curve key, but I was getting an error about
an invalid algorithm.  I had built the tools with NSS_ENABLE_ECC defined.
I tracked the error down to the lib/cryptohi/secsign.c file, in the
SGN_NewContext() function:

#ifndef NSS_ECC_MORE_THAN_SUITE_B
  if (key->keyType == ecKey) {
    PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
    return 0;
  }
#endif

I tried to rebuild with NSS_ECC_MORE_THAN_SUITE_B defined but got some
errors on compiling other files.  If I comment out this section and
rebuild without NSS_ECC_MORE_THAN_SUITE_B defined, certutil will create
the ECC certificates correctly.  I haven't been able to find
information about this define.  What is the difference between
NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B, and what is the proper way
to build it to support ECC certificates?

Thanks,
Aaron

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
