Thanks. Sounds like I the basic version.
"Glen Beasley" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > mozilla wrote: > > Thanks. That helps. The referenced Java program implies that 192 and 224 > > are recognized values for the kpg initialize method. However, the program > > accepted the parameters to initialize but generated errors when attempting > > to generate the keys. (The program worked for generating pairs using 256, > > 384, and 512.) > > > > Does that error make sense? Are there other limitations on the values > > supported? Thanks again. > > > One can build two versions of NSS. Basic ECC and extended ECC with the > flags: > > NSS_ENABLE_ECC=1 > NSS_ECC_MORE_THAN_SUITE_B=1 > and the correct version of > http://mxr.mozilla.org/security/source/security/nss/lib/freebl/ecl/ecl-curve.h > > JSS assumes you know which ECC version of NSS you're using. > > The basic ECC version of NSS only provides: > > NIST_P256, NIST_P384, and NIST_521. > > -glen > > Bill Price > > "Glen Beasley"<[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > >> Bill Price wrote: > >> > >>> Based on the LXR examples on the JSS test page I appear to be able to > >>> generate Elliptic Curve Pairs. The examples show generation of keys of > >>> various length. However, I would like to generate key pairs using the > >>> standard curves recognized by NIST or included in Suite B. The Java > >>> documentation has an ECGenParameterSpec that takes a string name for the > >>> standard or predefined curve. I tried modifying the programs to accept > >>> > > the > > > >>> parameter and guessing at the names from Suite B without success. > >>> > >>> > > http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/ECGenParameterSpec.html > > > >> was introduced in J2SE 1.5. > >> > >> JSS cannot provide ECGenParameterSpec at this time since JSS still has > >> to work with J2SE 1.4.2 (so FUN...) > >> > >> but the current implemenation creates the suite B curves by default. > >> Meaning JSS PK11KeyPairGenerator is > >> hard coded for a specific strengh. To find out the JSS defaults look at: > >> > >> > >> > > http://lxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java#617 > > > >> so: > >> kpg = java.security.KeyPairGenerator.getInstance("EC", > >> "Mozilla-JSS"); > >> kpg.initialize(256); > >> keyPair = kpg.genKeyPair(); > >> System.out.println("Generated 256-bit EC KeyPair!"); > >> > >> The 256 key is */NIST P-256 == SECG P-256R1 (TLS-23)/* and JSS is not > >> able to create */SECG P-256K1 (TLS-22)/* > >> > >> hope this helps, > >> > >> glen > >> > >> > >> > >>> Does JSS have the ability to generate keypairs using the standard > >>> > > curves? If > > > >>> so, is there a list of the recognized names (as Strings)? > >>> > >>> Thanks. > >>> > >>> Bill Price > >>> > >>> > >>> > >>> _______________________________________________ > >>> dev-tech-crypto mailing list > >>> dev-tech-crypto@lists.mozilla.org > >>> https://lists.mozilla.org/listinfo/dev-tech-crypto > >>> > >>> > > > > > > _______________________________________________ > > dev-tech-crypto mailing list > > dev-tech-crypto@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-tech-crypto > > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
