On 05/30/2013 01:45 PM, prax.xyzc...@gmail.com wrote:
> Platform/OS:
> CentOS release 6.3 (Final)
> Linux xxxxx 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
>
> Linux NSS Version:
> nss.x86_64 3.13.3-6.el6
> nss-softokn.x86_64 3.12.9-11.el6
> nss-softokn-freebl.x86_64 3.12.9-11.el6
>
> Problem:
> We have a Java7 application that uses NSS (with FIPS mode enabled) for RSA-based crypto operations via SunPKCS11 Java abstraction. The RSA key pairs and corresponding X.509 certs are generated and stored within NSS from Java application using SunPKCS11 APIs.
>
> What I am noticing is that key3.db file size grows with operations like RSA key lookup/encryption/decryption (running in FIPS mode) over a period of time within the context of number of crypto operations. Typically I have observed that the file size grows in chunks of 4K bytes with just roughly 35/40 encryption/decryption operations.

It sounds like someone is creating more keys without deleting them. What does certutil -K -d {database} show?

> Why would key3.db file increase in size when nothing is being requested to be stored and the only operations that are being performed are - lookup or encryption/decryption? Does NSS store something within the database (key3.db) as part of crypto operations?

NSS only stores private and secret keys, and only if the application requested those keys to be permanent (= CKA_TOKEN=TRUE in PKCS #11 parlance).

> NOTE: FYI, no change in size is observed in cert8.db file.
>
> Any help would be greatly appreciated. Please let me know if any other piece of information would be helpful in figuring out what might be going on.
>
> Regards,
> Prax
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
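
The reply above asks what `certutil -K -d {database}` shows. As an added example (not part of the original thread), this script compares two saved listings of that command, taken before and after a batch of encrypt/decrypt operations, and prints the permanent keys that appeared in between. It assumes the usual `< N> type  key-id  nickname` line layout of `certutil -K`; the function names, key IDs and nicknames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diff two saved `certutil -K` listings.

# Reduce certutil -K output on stdin to sorted "<key-id> <type> <nickname>" lines.
# Assumed key line layout: "< 0> rsa      <40 hex digits>   <nickname>"
# Header lines ("certutil: Checking token ...") do not match and are skipped.
list_keys() {
    sed -n 's/^<[ 0-9]*> *\([a-z0-9]*\) *\([0-9a-f]\{40\}\) *\(.*\)$/\2 \1 \3/p' |
        LC_ALL=C sort
}

# Print keys present in listing $2 but absent from listing $1.
new_keys() {
    _old=$(mktemp) _new=$(mktemp)
    list_keys < "$1" > "$_old"
    list_keys < "$2" > "$_new"
    LC_ALL=C comm -13 "$_old" "$_new"
    rm -f "$_old" "$_new"
}

# Constructed sample listings (key IDs and nicknames are made up).
demo=$(mktemp -d)
cat > "$demo/before.txt" <<'EOF'
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> rsa      3f1a9c0e5b7d2a4486c1e09f7b3d5a61c2e4f8a0   NSS FIPS 140-2 Certificate DB:appcert
EOF
cat > "$demo/after.txt" <<'EOF'
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> rsa      3f1a9c0e5b7d2a4486c1e09f7b3d5a61c2e4f8a0   NSS FIPS 140-2 Certificate DB:appcert
< 1> rsa      a07b4e19d3c65f2281b0e7c94d6a3f15b8e2c7d4   (orphan)
< 2> rsa      c9e2041f7a6b3d58e0f4a1b27c5d9e63f81a0b4c   (orphan)
EOF

echo "Keys added between snapshots:"
new_keys "$demo/before.txt" "$demo/after.txt"
rm -rf "$demo"
```

Keys that show up only in the second listing are the ones that were created as permanent (token) objects during the interval.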