Not a policy issue I suppose... Some days ago I have found that:
No one block cipher MAC'ing mechanism is working in either current release or trunc NSS, in either mode. I've already investigated the issue and about to file a bug this or next day. -- Konstantin Andreev. On 06/01/10 18:04, Sebastian Mayer wrote:
Sebastian Mayer wrote:Hi All, I have some problems in initializing a MAC-based signing operation. Here is the code snippet (nothing special, mostly put together from the PKCS spec samples): [SKIP] rv =pFunctionList->C_SignInit(hSession,&macMecha, hKey); if (rv != CKR_OK) { printf("error: %lx\n", rv); } C_SignInit returns CKR_MECHANISM_INVALID. [SKIP] I'm using NSS version 3.12 in FIPS-mode. Any help is appreciated.Solved - and this was again a "FIPS issue". The AES_MAC is not in the list of support mechanism in the fips-related security policy. I should read the policy more carefully ... -- Sebastian
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
