On 8/1/07, gstandefer <[EMAIL PROTECTED]> wrote:
>
> Wan-Teh,
>
> Thank you so much!!  I didn't think I'd get a response at all, much
> less so quickly!!  That was exactly what I needed to know.

You're welcome.  I should add that even though you can work
around this requirement of our FIPS mode, the requirement
is there for a good reason -- to help ensure that private keys
and symmetric keys, when extracted outside NSS for
transport or storage, are properly protected.

So you should use the workaround only for cases where
it's ok for the symmetric keys to be unencrypted, for example,
when the symmetric keys are fixed inputs to your tests.

Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to