Hi, I'm using NSS 3.12.4 with NSPR 4.8 release. I want to generate keys and certs with the basic supported ECC curves (nistp256, nistp384, nistp521) included when NSS is compiled with the "NSS_ENABLE_ECC" flag. However, when I try using certutil to generate certificates using the basic NIST curves, I keep receiving the "security library failure" error. Is there something in NSS that has to be patched or a step during configuration that I missed? Could someone please verify the steps performed below are correct:
tar -xvf nss-3.12.4-with-nspr-4.8.tar. gz NSS_ENABLE_ECC=1; export NSS_ENABLE_ECC cd nss-3.12.4-with-nspr-4.8/mozilla/security/nss make nss_build_all alias certutil='home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil' cd ~/nss_ecc certutil -N -d . certutil -G -k ec -q nistp256 -d . Enter Password or Pin for "NSS Certificate DB": A random seed must be generated that will be used in the creation of your key. One of the easiest ways to create a random seed is to use the timing of keystrokes on a keyboard. To begin, type keys on the keyboard until this progress meter is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD! Continue typing until the progress meter is full: |************************************************************| Finished. Press enter to continue: Generating key. This may take a few moments... certutil: unable to generate key(s) : security library failure. Thanks, Kai
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
