When NSS Softoken is in FIPS mode, it refuses to create keys with C_CreateObject. The same method works fine in regular (non-FIPS) mode. But, it is possible to achieve the exact same effects using any of the procedures outlined below. So, what is the motivation for prohibiting the key creation with C_CreateObject in FIPS mode? Ultimately, the application, not Softoken, is responsible for enforcing the FIPS key management requirements.
Similar reasoning applies to using the enforcement of CKA_SENSITIVE/CKA_EXTRACTABLE. There appear to be ways of circumventing it as well.

Thanks,
Brian

METHOD 1:
1. Use C_GenerateKey to generate a dummy key of any length.
2. Use C_DeriveKey(CKM_CONCATENATE_BASE_AND_DATA) to create a second key with the known value appended onto it.
3. Use C_DeriveKey(CKM_EXTRACT_KEY_FROM_KEY) to create a new key from just the known value part of the second key.

METHOD 2:
1. For a known key of length N, generate N/2 keys using CKM_SSL3_PRE_MASTER_KEY_GEN, placing two bytes of the key at a time into the CK_VERSION parameter to that mechanism.
2. Wrap those generated keys using your public key.
3. Unwrap those generated keys using your private keys.
4. Use CKM_EXTRACT_KEY_FROM_KEY and CKM_CONCAT_BASE_AND_KEY to reassemble the N/2 parts of the plaintext key into one usable key.

METHOD 3:
1. Use another library to wrap the plaintext key value using your public key.
2. Use Softoken to unwrap that key.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
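
Each of the three procedures in the message depends on a specific set of mechanisms being enabled on the token. As an added example (not part of the original message and not NSS code), the Python below takes a mechanism inventory and reports, for each method, which required steps are unavailable. Assumptions: the inventory format and both sample inventories are constructed, CKM_RSA_PKCS stands in for the public-key wrapping mechanism the message leaves unnamed, and CKM_CONCATENATE_BASE_AND_KEY is the PKCS #11 name for what the message calls CKM_CONCAT_BASE_AND_KEY.

```python
ANY = None                    # "any mechanism with this capability"
WRAP_MECH = "CKM_RSA_PKCS"    # assumption: the message does not name the wrap mechanism

# Ordered (mechanism, capability) steps for each procedure in the message.
KNOWN_VALUE_PATHS = {
    "METHOD 1": [(ANY, "generate"),
                 ("CKM_CONCATENATE_BASE_AND_DATA", "derive"),
                 ("CKM_EXTRACT_KEY_FROM_KEY", "derive")],
    "METHOD 2": [("CKM_SSL3_PRE_MASTER_KEY_GEN", "generate"),
                 (WRAP_MECH, "wrap"),
                 (WRAP_MECH, "unwrap"),
                 ("CKM_EXTRACT_KEY_FROM_KEY", "derive"),
                 ("CKM_CONCATENATE_BASE_AND_KEY", "derive")],
    "METHOD 3": [(WRAP_MECH, "unwrap")],
}

def parse_inventory(text):
    """Parse 'CKM_NAME flag,flag' lines (constructed format) into {name: {flags}}."""
    inv = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, flags = line.partition(" ")
        inv.setdefault(name, set()).update(f.strip() for f in flags.split(",") if f.strip())
    return inv

def step_available(inv, mech, cap):
    if mech is ANY:
        return any(cap in flags for flags in inv.values())
    return cap in inv.get(mech, set())

def audit(inv):
    """Return {method: [missing steps]}; an empty list means the path is open."""
    return {method: [f"{mech or 'any'}:{cap}" for mech, cap in steps
                     if not step_available(inv, mech, cap)]
            for method, steps in KNOWN_VALUE_PATHS.items()}

# Constructed sample inventories, not output from a real token.
RESTRICTED = """CKM_AES_KEY_GEN generate
CKM_SSL3_PRE_MASTER_KEY_GEN generate
CKM_CONCATENATE_BASE_AND_DATA derive
CKM_CONCATENATE_BASE_AND_KEY derive
CKM_RSA_PKCS encrypt,decrypt,wrap"""
FULL = RESTRICTED + ",unwrap\nCKM_EXTRACT_KEY_FROM_KEY derive"

if __name__ == "__main__":
    for label, text in (("full", FULL), ("restricted", RESTRICTED)):
        for method, missing in audit(parse_inventory(text)).items():
            print(label, method, "open" if not missing else "blocked: " + ", ".join(missing))
```
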