Re: Basic ECC in NSS 3.12.4 with NSPR 4.8

2009-11-03 Thread Rob Stradling
On Tuesday 03 November 2009 14:29:43 Rob Stradling wrote: > On Tuesday 03 November 2009 13:42:14 David Stutzman wrote: > > Hi David. > > Gentoo's NSS package supports ECC because I asked them to enable it: > http://bugs.gentoo.org/247221 > > I don't think it was ever a deliberate decision on thei

Re: SSH 2.0 Keys and NSS in FIPS mode

2009-11-03 Thread Wan-Teh Chang
On Mon, Nov 2, 2009 at 8:09 PM, Bob Foss wrote: > I have an application that includes an implementation of SSH in Java. > It currently uses the Sun JCE and I'm trying to make use of the > SunPKCS11 provider which wraps calls to NSS (3.12.4) to take advantage > of NSS's FIPS compliance.  (We won't

Re: SunPKCS11 and NSS 3.11.4

2009-11-03 Thread morris.d...@gmail.com
On Nov 2, 8:13 pm, Glen Beasley wrote: > morris.d...@gmail.com wrote: > > I ran into issues creating the secmod database: > > before moving on to Java/SunPKCS11-NSSFIPS issue you should first get > your configuration correct > so that running the modutil command will work correctly. Copying t

Re: Basic ECC in NSS 3.12.4 with NSPR 4.8

2009-11-03 Thread Frank Hecker
David Stutzman wrote: Rob Stradling wrote: A question for the NSS devs: Is there any reason why NSS couldn't be changed to assume "NSS_ENABLE_ECC=1" by default? Yes... http://fedoraproject.org/wiki/User:Peter/Disabled_applications Disabled features: Elliptic Curve crypto algorithm Reas

Re: Basic ECC in NSS 3.12.4 with NSPR 4.8

2009-11-03 Thread David Stutzman
Rob Stradling wrote: A question for the NSS devs: Is there any reason why NSS couldn't be changed to assume "NSS_ENABLE_ECC=1" by default? Yes... http://fedoraproject.org/wiki/User:Peter/Disabled_applications Disabled features: Elliptic Curve crypto algorithm Reasons: software paten

Re: Basic ECC in NSS 3.12.4 with NSPR 4.8

2009-11-03 Thread Rob Stradling
On Tuesday 03 November 2009 13:42:14 David Stutzman wrote: > Some Linux distributions distribute NSS built without ECC support, like > Fedora. Red Hat, on the other hand, distributes NSS sort of how Java > 1.6 is. It "supports" ECC but itself has no ECC implementation and you > must add in a th

Re: Basic ECC in NSS 3.12.4 with NSPR 4.8

2009-11-03 Thread David Stutzman
Kashyap Chamarthy wrote: certutil -G -k ec -q nistp256 -d . Generating key. This may take a few moments... certutil: unable to generate key(s) : security library failure. I guess, you need a third party ECC module? I must admit that I am a bit puzzled by the current state