I would like to know if I have any options to mitigate this. I'm also fully expecting the "JSS has no full-time developers, patches accepted" answer.

The Sun^H^H^HOracle JCE "Standard Names Document" [0], which lays out what all the algorithm names/permutations are, lists the EC Signature algorithms as such:
NONEwithECDSA
SHA1withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
(ECDSA)

If I query the Mozilla-JSS provider for the algorithms it supports, I get the following EC Signature algorithms:
SHA1withEC
SHA256withEC
SHA384withEC
SHA512withEC

Is there any way to change/add some aliases so the Mozilla-JSS provider uses the official JCE naming?

I'm running into an issue using the CertPath API where it's bombing out [1] chaining my ECC CA hierarchy because it can't find a provider that supports SHA384withECDSA, which, while technically correct, isn't quite the situation.

I know I can probably go in and change the way JSS reports the algorithm to the JCE, but won't I run into trouble with needing the signed crypto provider?

Thanks,
Dave

[0]: http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#Signature

[1]: certpath: SunCertPathBuilder.depthFirstSearchForward(): validation failed: java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available
java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available
        at java.security.Signature.getInstance(Signature.java:193)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
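
The naming mismatch described in the post can be checked per provider with the standard `java.security` API. This is an added example, not code from the post or from the JSS project; the class name `EcSignatureNameCheck` is hypothetical, and it assumes the providers of interest are already installed in the JVM.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Reports, per installed provider, which standard ECDSA signature names resolve. */
public class EcSignatureNameCheck {
    // Standard names exactly as listed in the post.
    static final String[] STANDARD_NAMES = {
        "NONEwithECDSA", "SHA1withECDSA", "SHA256withECDSA",
        "SHA384withECDSA", "SHA512withECDSA"
    };

    /** EC signature algorithm names the provider registers as primary names. */
    static List<String> ecSignatureNames(Provider p) {
        List<String> names = new ArrayList<String>();
        for (Provider.Service s : p.getServices()) {
            if ("Signature".equals(s.getType()) && s.getAlgorithm().contains("withEC")) {
                names.add(s.getAlgorithm());
            }
        }
        Collections.sort(names);
        return names;
    }

    /** Standard names the provider cannot serve under any name or alias. */
    static List<String> unresolvedStandardNames(Provider p) {
        List<String> missing = new ArrayList<String>();
        for (String name : STANDARD_NAMES) {
            // getService() matches primary names and registered aliases alike.
            if (p.getService("Signature", name) == null) {
                missing.add(name);
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            List<String> registered = ecSignatureNames(p);
            if (registered.isEmpty()) {
                continue; // provider offers no EC signatures at all
            }
            System.out.println(p.getName() + " registers: " + registered);
            System.out.println("  standard names not resolvable: " + unresolvedStandardNames(p));
        }
    }
}
```

A provider that registers only the `...withEC` forms and no aliases will show every standard name as not resolvable, which is the condition behind the `NoSuchAlgorithmException` in [1].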
