2009/11/2 Kai Chan <nahc...@gmail.com> > Hi, > > I'm using NSS 3.12.4 with NSPR 4.8 release from the Mozilla FTP site on > Fedora 10. I'm interested in generating keys and certs with the basic NIST > curves (nistp256, nistp384, nistp521) included in the softoken > implementation when NSS is compiled with the "NSS_ENABLE_ECC" flag. I would > greatly appreciate it if one could point out anything missing or incorrect > in the provided steps below: > > tar -xvf nss-3.12.4-with-nspr-4.8.tar. > gz > NSS_ENABLE_ECC=1; export NSS_ENABLE_ECC > cd nss-3.12.4-with-nspr-4.8/mozilla/security/nss > make nss_build_all > alias > certutil='home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil' > cd ~/nss_ecc > certutil -N -d . > certutil -G -k ec -q nistp256 -d . > Enter Password or Pin for "NSS Certificate DB": > > A random seed must be generated that will be used in the > creation of your key. One of the easiest ways to create a > random seed is to use the timing of keystrokes on a keyboard. > > To begin, type keys on the keyboard until this progress meter > is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD! > > > Continue typing until the progress meter is full: > > |************************************************************| > > Finished. Press enter to continue: > > > Generating key. This may take a few moments... > > certutil: unable to generate key(s) > : security library failure. >
I guess, you need a third party ECC module? Regards, Kashyap > > > Thanks, > Kai > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
