Glen, Thanks for the help. I was so sure I had the checksum files in the right place .... I had them .... but only with the libraries I thought I was running against, not the ones I was really running against. Whoops.
I have to ask for a little more help though. I've been reading around about key generation and key material manipulation and am hearing that key material manipulations is not allowed in FIPs mode. This seems to be confirmed by my code which works in non-FIPs mode but throws Token failed to process key: Failed to unwrap key exceptions with FIPs mode.... In FIPs mode is there any way to go from a byte[] encoding of a SecretKey and reconstitute a SecretKey. The code that works in non- FIPS mode creates a new SecretKeySpec with the correct algorithm (DESede) and calls Cipher.init() with the KeySpec. This works in non- FIPs mode but fails in FIPs mode with the error noted above. I'm thinking that NSS must allows this in some manner in FIPs mde as they would have to do this in their SSL implementation with the incoming pre master secret from the server. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
