Thanks. That helps. The referenced Java program implies that 192 and 224 are recognized values for the kpg initialize method. However, the program accepted the parameters to initialize but generated errors when attempting to generate the keys. (The program worked for generating pairs using 256, 384, and 512.)
Does that error make sense? Are there other limitations on the values supported? Thanks again. Bill Price "Glen Beasley" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Bill Price wrote: > > Based on the LXR examples on the JSS test page I appear to be able to > > generate Elliptic Curve Pairs. The examples show generation of keys of > > various length. However, I would like to generate key pairs using the > > standard curves recognized by NIST or included in Suite B. The Java > > documentation has an ECGenParameterSpec that takes a string name for the > > standard or predefined curve. I tried modifying the programs to accept the > > parameter and guessing at the names from Suite B without success. > > > http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/ECGenParameterSpec.html > > was introduced in J2SE 1.5. > > JSS cannot provide ECGenParameterSpec at this time since JSS still has > to work with J2SE 1.4.2 (so FUN...) > > but the current implemenation creates the suite B curves by default. > Meaning JSS PK11KeyPairGenerator is > hard coded for a specific strengh. To find out the JSS defaults look at: > > http://lxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java#617 > > so: > kpg = java.security.KeyPairGenerator.getInstance("EC", > "Mozilla-JSS"); > kpg.initialize(256); > keyPair = kpg.genKeyPair(); > System.out.println("Generated 256-bit EC KeyPair!"); > > The 256 key is */NIST P-256 == SECG P-256R1 (TLS-23)/* and JSS is not > able to create */SECG P-256K1 (TLS-22)/* > > hope this helps, > > glen > > > > Does JSS have the ability to generate keypairs using the standard curves? If > > so, is there a list of the recognized names (as Strings)? > > > > Thanks. > > > > Bill Price > > > > > > > > _______________________________________________ > > dev-tech-crypto mailing list > > dev-tech-crypto@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-tech-crypto > > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
