I finally got around to trying to build an extended ECC version of NSS but 
have encountered some problems. (I am neither a Linux nor C expert.)  I 
tried to follow the directions but using the newer versions of NSS and NSPR 
that you mentioned in your 6/24 post.
"http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-release-notes.html#docs
http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html

cvs co -r NSPR_4_7_1_RTM mozilla/nsprpub
cvs co -r NSS_3_12_RTM mozilla/dbm mozilla/security/dbm
cvs co -r NSS_3_12_RTM mozilla/security/coreconf mozilla/security/nss"

 I am working in a Fedora 8 environment. The link to the ecl-curve.h file 
has the directives that cause a compilation error if the cited flags are set 
(the file also lacks pointers defining most of the curves' parameters). I 
found a version of the ecl-curve.h file in another LXR directory that had 
definitions for the curves in the table and used it. I compiled NSS and 
NSPR. When I use the certutil utility in the binary file, it is unable to 
create an ec key. The -H command does not acknowledge the existence of key 
types other than rsa and dsa. I used the certutil command: 
certutil -d . -G -k ec -q nistp256. The error message says the keytype ec is 
not recognized and that -q is for the DSA q parameter.

Any help or suggestions would be appreciated. Thanks.





"Glen Beasley" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> mozilla wrote:
>> Thanks.  That helps. The referenced Java program implies that 192 and 224
>> are recognized values for the kpg initialize method. However, the program
>> accepted the parameters to initialize but generated errors when attempting
>> to generate the keys. (The program worked for generating pairs using 256,
>> 384, and 512.)
>>
>> Does that error make sense? Are there other limitations on the values
>> supported?  Thanks again.
>>
> One can build two versions of NSS. Basic ECC and extended ECC with the 
> flags:
>
> NSS_ENABLE_ECC=1
> NSS_ECC_MORE_THAN_SUITE_B=1
> and the correct version of
> http://mxr.mozilla.org/security/source/security/nss/lib/freebl/ecl/ecl-curve.h
>
> JSS assumes you know which ECC version of NSS you're using.
>
> The basic ECC version of NSS only provides:
>
> NIST_P256, NIST_P384, and NIST_521.
>
> -glen
>> Bill Price
<<snip>> 


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
