Paul Hoffman wrote: > At 6:33 AM -0500 1/12/07, David Stutzman wrote: >> I got that error trying to do a keygen myself when the security >> database didn't have a master password set. >> >> reference: >> http://groups-beta.google.com/group/mozilla.dev.tech.crypto/browse_frm/thread/f8870108996c4b9e/49c7587b29872093 >> >> You can change the password using modutil if you think this might be >> your problem. > > Well, it seems to be part of the problem; the error message seems to > be another part. > > When I did that, I got different results for the following than for the rest: > nistp256 > nistp384 > nistp521 > secp256r1 > secp384r1 > secp521r1
Some of those names are synonyms. nistp256 == secp256r1 nistp384 == secp384r1 nistp521 == secp521r1 We list both styles of name right now, because some documents will specify a curve to use by one name, and others by the other name, and users may not know the alternate names for the curves they've been told to use. OTOH, this creates the impression that we support twice as many curves as we really do. It caused our QA department to do twice as much testing as needed. So, I invite input on the desirability / wisdom of listing each curve by all of its names. > In those, I get "certutil: signing of data failed: security library: > invalid algorithm.". For the rest, I get ": An I/O error occurred > during security authorization." Sounds like something isn't right. Those 3 curves definitely work in SSL/TLS. > I take that to mean that the six listed above are the "real" > algorithms and the others are not. However, I still can't get a > signature. More clues would be helpful. > > And, yes, I am volunteering to write all this up for the web page and > so on after I am successful. > > --Paul Hoffman -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
