Peder, what you encountered is bug 327773:
http://bugzilla.mozilla.org/show_bug.cgi?id=327773

The NSS pk11wrap layer has two functions to create private keys in a token: 
PK11_ImportEncryptedPrivateKeyInfo and PK11_ImportAndReturnPrivateKey.

But only the first of them supports EC keys. You may try to resurrect the bug activity.

Regards,
Konstantin

On 12.04.11 20:52, Peder Nielsen @ GecoInc wrote:

Nobody replied to this post but I did find a solution.
<...>

Peder Nielsen @ GecoInc wrote:

I am attempting to port a Java based FileSigner application from RSA BSAFE 
Crypto-J 4.0 to Mozilla JSS.
<...>

Tracing this down to the NSS Native routine fromPrivateKeyInfo, I find the 
issue here:
File:    mozilla\security\nss\lib\pk11wrap\pk11pk12.c
Routine: PK11_ImportPrivateKeyInfoAndReturnKey()

The switch statement handles only 3 Private key SEC OIDs as follows:
    SEC_OID_PKCS1_RSA_ENCRYPTION = 16
    SEC_OID_ANSIX9_DSA_SIGNATURE = 124
    SEC_OID_X942_DIFFIE_HELMAN_KEY  = 174
Unfortunately, our SEC OID is this:
    SEC_OID_ANSIX962_EC_PUBLIC_KEY  = 200

So the switch handles this as the default case and passes back NULL.

Is it possible to add NSS support for decoding this type of Private Key? Or is 
there another means I can use to gain access to the Private Key I can use for 
signing?
<...>
Peder Nielsen
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
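
Added example, not code from NSS, JSS or either poster: a small DER check that reports which of the four key types named in the thread a PKCS#8 PrivateKeyInfo carries, so an EC key can be recognised before it reaches an import routine that returns NULL for it. The names `key_family`, `der_header` and `pkcs8_key_family` are hypothetical, and the sample buffers are constructed header-only blobs with an empty privateKey field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { KEY_MALFORMED = -1, KEY_UNKNOWN, KEY_RSA, KEY_DSA, KEY_DH, KEY_EC } key_family;

/* Read one DER tag/length header at *p; on success *p points at the content. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char tag, size_t *len) {
    if (end - *p < 2 || (*p)[0] != tag) return 0;
    size_t n = (*p)[1];
    *p += 2;
    if (n & 0x80) {                       /* long form: low 7 bits count the length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof(size_t) || (size_t)(end - *p) < k) return 0;
        for (n = 0; k--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return 0; /* declared content must fit in the buffer */
    *len = n;
    return 1;
}

/* Classify a PKCS#8 PrivateKeyInfo by the OID in its AlgorithmIdentifier. */
key_family pkcs8_key_family(const unsigned char *der, size_t der_len) {
    static const struct { key_family f; size_t n; unsigned char oid[9]; } known[] = {
        { KEY_RSA, 9, {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01} }, /* 1.2.840.113549.1.1.1 */
        { KEY_DSA, 7, {0x2A,0x86,0x48,0xCE,0x38,0x04,0x01} },           /* 1.2.840.10040.4.1 */
        { KEY_DH,  7, {0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01} },           /* 1.2.840.10046.2.1 */
        { KEY_EC,  7, {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01} },           /* 1.2.840.10045.2.1 */
    };
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    if (!der_header(&p, end, 0x30, &len)) return KEY_MALFORMED; /* PrivateKeyInfo SEQUENCE */
    end = p + len;
    if (!der_header(&p, end, 0x02, &len)) return KEY_MALFORMED; /* version INTEGER */
    p += len;
    if (!der_header(&p, end, 0x30, &len)) return KEY_MALFORMED; /* AlgorithmIdentifier */
    end = p + len;
    if (!der_header(&p, end, 0x06, &len)) return KEY_MALFORMED; /* algorithm OID */
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (known[i].n == len && memcmp(known[i].oid, p, len) == 0) return known[i].f;
    return KEY_UNKNOWN;
}

/* Constructed samples: version 0, AlgorithmIdentifier, empty privateKey OCTET STRING. */
static const unsigned char SAMPLE_EC[] = {0x30,0x1A,0x02,0x01,0x00,0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,
    0x3D,0x02,0x01,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x04,0x00};
static const unsigned char SAMPLE_RSA[] = {0x30,0x14,0x02,0x01,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
    0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x04,0x00};

int main(void) { printf("EC=%d RSA=%d\n", pkcs8_key_family(SAMPLE_EC, sizeof SAMPLE_EC),
                        pkcs8_key_family(SAMPLE_RSA, sizeof SAMPLE_RSA)); return 0; }
```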
