Hi, I'm trying to import an EC key and cert generated with openssl into an NSS DB but am getting this error from pk12util: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
I've tested this on Gentoo x86 with nss versions 3.23(portage), 3.24(portage) and 3.25 (from source) with the same result. Changing the key type to RSA works so I wonder if this might be bug in the EC key handling? Steps to reproduce: # Create an empty NSS db mkdir nss openssl rand -base64 -out nss/pw 21 certutil -d nss -f nss/pw -N # Generate an EC key/cert openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp521r1 -keyout key.pem -out cert.pem -days 3650 -nodes -subj "/CN=Test CA" # Export to pkcs12 format openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name Test # Import to nss db pk12util -i cert.p12 -d nss -k nss/pw # pk12util reports error Any help much appreciated! Chris -- View this message in context: http://mozilla.6506.n7.nabble.com/pk12util-fails-to-import-EC-keys-tp356532.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
