Bill Price wrote: > Based on the LXR examples on the JSS test page I appear to be able to > generate Elliptic Curve Pairs. The examples show generation of keys of > various length. However, I would like to generate key pairs using the > standard curves recognized by NIST or included in Suite B. The Java > documentation has an ECGenParameterSpec that takes a string name for the > standard or predefined curve. I tried modifying the programs to accept the > parameter and guessing at the names from Suite B without success. > http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/ECGenParameterSpec.html
was introduced in J2SE 1.5. JSS cannot provide ECGenParameterSpec at this time since JSS still has to work with J2SE 1.4.2 (so FUN...) but the current implemenation creates the suite B curves by default. Meaning JSS PK11KeyPairGenerator is hard coded for a specific strengh. To find out the JSS defaults look at: http://lxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java#617 so: kpg = java.security.KeyPairGenerator.getInstance("EC", "Mozilla-JSS"); kpg.initialize(256); keyPair = kpg.genKeyPair(); System.out.println("Generated 256-bit EC KeyPair!"); The 256 key is */NIST P-256 == SECG P-256R1 (TLS-23)/* and JSS is not able to create */SECG P-256K1 (TLS-22)/* hope this helps, glen > Does JSS have the ability to generate keypairs using the standard curves? If > so, is there a list of the recognized names (as Strings)? > > Thanks. > > Bill Price > > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
