So, the silence means one of a few things:

1) I missed some part of list etiquette. I'm sorry if I missed something, but there wasn't anything I saw in the subscription page that I think I did wrong.

2) I missed something in the FIPS spec about persisting keys. Are the certificate and key databases not considered part of the FIPS module (and thus not allowed to store unwrapped secret keys)? The FIPS spec talks about storage modules, but doesn't say that you can't persist secret keys (as far as I can see).

3) JSS just can't do this. This would be surprising if the Sun PKCS11 JCA provider can store secret keys in FIPS mode (using NSS under the hood), but JSS can't. I didn't see any existing JSS (or related NSS) bugs around this. But maybe not in the context of this comment https://bugzilla.mozilla.org/show_bug.cgi?id=552954#c4

4) ???

I'm happy to send in patches (for example, the Javadoc overview for CryptoStore to say it only stores certificates and private keys), but I need to get this working first.

Thanks!
Jason

On 9/21/10 7:50 AM, "Jason Untulis" <jason+dev-tech-cry...@untulis.org> wrote:

> Simple question: how?
>
> I'm trying AES secret keys with JSS 4.3 and the FIPS certified NSS 3.12.4 in
> 64-bit Java (compiled my own NSS, JSS jar is stock). Windows (7, Server
> 2008) at the moment, Linux (CentOS) when this is working.
>
> The KeyStore interface theoretically doesn't work[1], even though the code
> is still included in the repository. The CryptoStore interface looks like it
> can store certificates and private keys, but neither public keys nor secret
> keys.
>
> Thanks!
> Jason
>
> [1] Posts like this notwithstanding
> http://old.nabble.com/symmetric-key-issues-with-NSS-3.12-p21219059.html
>

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto