Hello, Robert.

On Mon, 10 Oct 2009, Robert Relyea wrote:
> On 10/05/2009 09:27 AM, Konstantin Andreev wrote:
>> In the source code of the "softoken" library I see various conditional
>> manipulations with the CKA_NETSCAPE_DB attribute of private keys.
>> Since I am adding a new (GOST) type of private key to NSS, I need to know how
>> CKA_NETSCAPE_DB should apply to this key.
>> But I haven't found enough information about the intended use of
>> CKA_NETSCAPE_DB in either MDC or bugzilla.
>> Could you please advise how I should handle CKA_NETSCAPE_DB for GOST private
>> keys?
>
> GOST private key? Are you talking about a new asymmetric algorithm (a la RSA
> and DH)? If so, then you would need to worry about private keys. If you are
> just talking about a symmetric algorithm, then there is no need. Your key is
> a secret key, and should be handled automatically.

Yes, the GOST (i.e. "Russian Federation National Standard") suite includes an asymmetric
digital signature algorithm. That is what is referenced as "GOST R 34.10-2001" in RFC
documents, and what I am talking about.

Basically, this is an elliptic curve algorithm, but the GOST signature differs slightly from
the X9.62 EC signature. The GOST digital signature is not affected by Certicom patents and is free
to use. Even more, in Russia, it is mandated for use in government organizations and
"working for government" organizations.

From the NSS perspective, GOST ECC signatures can't be intermixed with X9.62
signatures, because all data formats are completely different. You can refer to
patch 1 in bug 518787 for some examples of this difference.

In the "softoken", CKA_NETSCAPE_DB is applied to private keys in various
mystic ways. It's unclear which concern it has to GOST private keys. Could you please
advise?

Best regards,
--
Konstantin Andreev, software engineer.
Swemel JSC