Hello,
your issue is not obvious to me. I suggest you try turning on the PKCS
# 11 Module logger
see:
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html
comparing the Signing/Verifying to the unsuccessful wrap/unwrap.
Although your code (assuming various assumptions) appears t
Hi David,
did you provide JSS with the string "sql" like you did with certutil -
d sql:.
or did could just set the environment variable NSS_DEFAULT_DB_TYPE=sql
and then you will not have to specify sql.
https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables
-glen
On Feb 1, 6:
Hi Glen,
I finally got all the other problems solved, and ran into this problem
when trying to run your code
I have some doubts that you're running my exact code sample and instead
have changed the code
sample which would mean the code is no longer mine and is yours. Doubts,
only of cours
morris.d...@gmail.com wrote:
I ran into issues creating the secmod database:
before moving on to Java/SunPKCS11-NSSFIPS issue you should first get
your configuration correct
so that running the modutil command will work correctly. Copying the
databases from a working system to
a sys
I ran into issues creating the secmod database:
* Steps taken on the first Windows XP Professional Version 2002 SP2
box
1) "certutil -N -d ." ran fine, created the three database files with
a strong password
2) "modutil -fips true -dbdir ." failed, with error:
"An I/O error occurred during secu
morris.d...@gmail.com wrote:
Initializing SunPKCS11 for utilization of NSS 3.11.4 capabilities
yields the following exception:
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:183)
at sun.security.pkcs11.SunPKCS11.(SunPKCS
On 9/3/09 4:24 PM, Glen Beasley wrote:
On 9/3/09 11:23 AM, Nelson B Bolyard wrote:
On 2009-09-03 02:23 PDT, Amine wrote:
Well, I'll try to be very precise this time.
I am writing a little Java program that uses an NSS Internal PKCS#11
Module for signing. Am using Win XP, service p
On 9/3/09 11:23 AM, Nelson B Bolyard wrote:
On 2009-09-03 02:23 PDT, Amine wrote:
Well, I'll try to be very precise this time.
I am writing a little Java program that uses an NSS Internal PKCS#11
Module for signing. Am using Win XP, service pack 3 and, for now, no
Visual C++ is installed.
hi,
What is the debug assertion message? While you may not get the assertion in
optimize build, it may be an issue that needs to be addressed.
Also, please specify what versions you're using.
Meaning I am trying to build JSS 4.3, NSS 3.12.4, NSPR 4.8 using Visual
C++ 6.0
and Java 6.
To build o
OIDs (see secoidt.h)
SEC_OID_X509_ANY_POLICY
* The nssckbi PKCS #11 module's version changed to 1.75.
* Support for win16 has been removed.
* Support for OpenVMS has been removed.
-Glen Beasley
smime.p7s
Description: S/MIME Cryptographic Signature
--
dev-tech-crypto mailing list
dev-tech-crypt
yanlin wrote:
Hi,
I am trying to locate the nss 3.12.4 or 3.12.3 RTM binary for all
platforms. Nss 3.11.4 rtm has all binaries in the ftp site but for
3.12.x there is only src dir and all binaries are missing. I'd like
to know where to find these binaries or is there any commercial
support from
Tony wrote:
On Aug 5, 10:58 pm, Nelson B Bolyard wrote:
On 2009-08-05 18:20 PDT, Tony wrote:> JSS 4.3 download links appear broken.
Tried HTTP and FTP. Any thoughts?
What JSS 4.3 download links? Where?
https://developer.mozilla.org/En/JSS/4_3_ReleaseNotes
the jss 4.3 download
NB wrote:
Hi All,
I tried to execute following commands on Solaris 10 Sparc
export LD_LIBRARY_PATH=
java -cp ./jss4.jar org.mozilla.jss.tests.SetupDBs . passwords
java -cp ./jss4.jar java org.mozilla.jss.tests.SSLClientAuth .
passwords
<<
and have following exception >>>
Failed to init
"On 7/13/09 11:40 PM, Dmitriy Varnavskiy wrote:
Still cant make it working. Are there any suggestions?
2009/7/4 Nelson B Bolyard
On 2009-07-03 10:52 PDT, Dmitriy Varnavskiy wrote:
> I have run several tests of JSS on Linux - they all worked fine
so seems
> JSS is correctly inst
hi,
When you do a Google search for NSS, JSS, or NSPR the first pages you
find are the original www.mozilla.org pages:
http://www.mozilla.org/projects/security/pki/nss/
http://www.mozilla.org/projects/security/pki/jss/
http://www.mozilla.org/projects/nspr/
we are starting to have more recent
agentma...@hotmail.com wrote:
Hi,
I am trying to run the following example code for Mozilla-JSS provider
but it always gives:"java.security.InvalidKeyException: Key is not the
right type for this algorithm" for init function. The same code runs
perfectly fine with Sun default provider.
I too
agentma...@hotmail.com wrote:
Hi,
I am trying to run the following example code for Mozilla-JSS provider
but it always gives:"java.security.InvalidKeyException: Key is not the
right type for this algorithm" for init function. The same code runs
perfectly fine with Sun default provider.
I too
agentma...@hotmail.com wrote:
Hi,
I created the db and added a certificate using these commands:
./certutil -N -n servercert -x -t "TCu,TCu,TCu" -s "CN=TestCA,
OU=Test, O=Test, L=Some City, ST=CA, C=US" -m 2 -d /tmp -f passfile
./certutil -S -n servercert -x -t "TCu,TCu,TCu" -s "CN=TestCA,
OU=T
hello,
We need to set a date for 3.12.4 RTM, so the lab can officially run the
algorithm tests and submit their results. I would like to provide the
lab an update after the Thursday Mozilla-dev meeting on when we expect
the official date to be.
Please review your bugs that would require ch
Glen Beasley wrote:
hi,
Looking at the bottom of this stack trace:
J java.lang.ref.Finalizer.invokeFinalizeMethod(Ljava/lang/Object;)V
J java.lang.ref.Finalizer.runFinalizer()V
J java.lang.ref.Finalizer$FinalizerThread.run()V
Called by the garbage collector on an object when garbage
hi,
Looking at the bottom of this stack trace:
J java.lang.ref.Finalizer.invokeFinalizeMethod(Ljava/lang/Object;)V
J java.lang.ref.Finalizer.runFinalizer()V
J java.lang.ref.Finalizer$FinalizerThread.run()V
Called by the garbage collector on an object when garbage collection determines
that
Nelson B Bolyard wrote:
Glen Beasley wrote, On 2009-05-11 14:01:
John Smith wrote:
Hi:
*Glen*: Wow, you managed to match that bug to my problem, even though
the test numbers are totally different (as per what Nelson said)! Its
not terribly important that all tests pass for my
John Smith wrote:
Hi:
*Glen*: Wow, you managed to match that bug to my problem, even though
the test numbers are totally different (as per what Nelson said)! Its
not terribly important that all tests pass for my purposes, so I think
I will wait for 3.12.4. Do you have a rough idea of whe
Nelson B Bolyard wrote:
John Smith wrote, On 2009-05-07 15:00 PDT:
I downloaded the NSS 3.12.3 and NSPR 4.7.4 source code and was running
the provided test suite. However, test #537 (part of "Cache CRL SSL
Client Tests") gets stuck (all previous tests pass according to
results.html), and I
have that NSS release pass it's own FIPS validation. I'm just
stating the obvious, you're likely just building NSS 3.11.4 for
debugging purposes.
-glen
I suspect I am doing something wrong during NSS/NSPR building.
Thanks,
Sreedhar
On Apr 27, 10:11 am, Glen Beasley wrote:
ksreedha...@gmail.com wrote:
Hello,
I am using JSS 4.2.5, NSS 3.11.4, NSPR 4.6.4.
If I use the binaries downloaded from
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/
and
https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.6.4/
ksreedha...@gmail.com wrote:
On Apr 24, 10:03 am, Wan-Teh Chang wrote:
On Thu, Apr 23, 2009 at 1:51 PM, wrote:
Hello,
I am using Mozilla JSS provider from Java.
JSS 4.2.5
NSS 3.11.4
NSPR 4.6.4
When the FIPS RNG continuous tests fail, what is the behavior in NSS/
uer certificate is invalid.
When I used with option -o (Override bad server cert), it works fine.
The certificate wes used is a Self signed certificate. So, probably
tstclnt didn't like it.
One more thing is, OpenSSL based c client is able to communicate with
server successfully.
Thanks,
Sre
hi,
can you successfully connect to your server using JSSE with it's
default provider? meaning
not using mozilla-JSS as the provider?
I know you have used ssltap can you use NSS tool tstclnt?
tstclnt -h -p -d -v -2 -3 -c v
If you want full client auth specify your cert nickname with -n
alex.agra...@gmail.com wrote:
I wonder how is it possible to load symmetric key that is stored
inside the NSS DB via JSS API? I tried using KeyStore JCA class (as in
org.mozilla.jss.tests.KeyStoreTest example):
KeyStore ks = KeyStore.getInstance("Mozilla-JSS");
but it turns out that JSSProv
David Stutzman wrote:
I'm in the process of porting over certificate path building code from
using Sun's API to using JSS as we are gradually migrating all of our
crypto over to JSS/NSS. I'm running some testing with
CryptoManager.buildCertificateChain(X509Certificate leaf).
If I grab a cert o
marcelino jr esguerra wrote:
wow! thanks for all the help. I've successfully build it now. But then
again, how do i use pk11mode in testing pkcs?
The goal of pk11mode is to test every function entry point of the PKCS11
api "that NSS provides" at least once.
Once you built NSS set your path to fi
David Stutzman wrote:
(How) Is it possible to set a connection timeout for a JSS SSLSocket?
http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLSocket.html
None of the constructors have a connection timeout and
SSLSocket.setSoTimeout(int timeout) can only be cal
David Stutzman wrote:
Glen Beasley wrote:
you can code the same pretty print functionality but there is no
existing function that
duplicates certutil -l -n.
You can start with
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCerts.java
Which currently outputs
David Stutzman wrote:
Is there a way to pretty print a certificate using JSS? I know NSS
has the functionality based on output from certutil -L -n "nickname".
you can code the same pretty print functionality but there is no
existing function that
duplicates certutil -l -n.
You can start wit
Nelson B Bolyard wrote:
Sreedhar Kamishetti wrote on 2009-01-29 16:28 PST:
I just started to use JSS/NSS. So, if hope some one will reply to this
post.
We use SSL_DH_anon_WITH_3DES_EDE_CBC_SHA” as cipher suite for
communication between SSL Peers. Client is in Java and Server is in C
(uses
On 1/19/09 6:30 PM, ksreedha...@gmail.com wrote:
On Jan 15, 10:53 am, Glen Beasley wrote:
ksreedha...@gmail.com wrote:
On Jan 14, 10:21 am, Glen Beasley wrote:
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one
On 1/28/09 9:56 AM, Wan-Teh Chang wrote:
On Tue, Jan 27, 2009 at 9:56 PM, wrote:
Hi,
I wonder if someone could clear to me the status of NSS FIPS-140
certification on SPARC Solaris 10. According to
https://wiki.mozilla.org/FIPS_Validation
the latest certified NSS "crypto module" version i
ksreedha...@gmail.com wrote:
On Jan 14, 10:21 am, Glen Beasley wrote:
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one point me to the API provided by JSS for running Power Up
and Conditional Self Tests for various cryptographic modules
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one point me to the API provided by JSS for running Power Up
and Conditional Self Tests for various cryptographic modules/algorithms?
JSS is a JAVA interface to NSS; basically a JNI wrapper for NSS. JSS in
FIP
alex.agra...@gmail.com wrote:
FYI - I submitted a patch that fixes the problem.
See https://bugzilla.mozilla.org/show_bug.cgi?id=470982 for details.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/de
hi,
ps_mitrofa...@mail.ru wrote:
On 22 дек, 20:08, Nelson B Bolyard wrote:
ps_mitrofa...@mail.ru wrote, On 2008-12-22 08:45:
Please supply more output from the gmake run, like (say) the last 20
lines of output
There is building log(but there are only 5 lines of output):
gmake
banzai wrote:
Hi all,
I have tried to read all the certificates in NSS.
you probably know this but you of course can use the built in Firefox
Certificate Manager
Options->Advanced->View Certificates
I a little confused by some of the info provided. One you can configure
Sun PKCS#11 provider
On 10/29/08 07:05, Dean wrote:
Hi folks,
I was hoping somebody could confirm or correct my understanding of
which version of NSS is FIPS certified.
As I unserstand from
https://wiki.mozilla.org/FIPS_Validation
Softokn version 3.11.4 is the most recent FIPS certified version.
And this is a co
hi,
The Root Cert are stored in the PKCS #11 module that is loaded from the
library libnssckbi.so.
The default location for libnssckbi.so is the same directory with your
NSS databases cert8.db, key3.db, and secmod.db. It's
best to just copy libnssckbi. so to this directory with your NSS d
On 10/13/08 07:00 PM, marcelino esguerra jr wrote:
Good Morning!
I'm Marcelino and I'm new in pkcs. i found this test tool from
mozilla, the PK11Mode. I checkout them in cvs. However I am confused
on how to run this. I would like to ask for instructions on this.
Here are some quick instructi
Georges Martin wrote:
> Hello, I'm searching for help in building JSS for MacOS X 10.5.
>
> I've successfully built NSS 3.12, with MOZ_DEBUG_SYMBOLS set or not,
> but always get a "ld: symbol(s) not found" whenever I try to build JSS,
> as shown below.
>
> Any clues ? :-)
>
> TIA,
> Georges Marti
hi David,
For JSS with SSLServerSocket if you want to do a reconnect because your
orginal cert you configured has expired
is now INVALID you would have to re-call setServerCert or
setServerCertNickname first and configure the new cert.
For the JSS SSLSocket client connection you have the same
Marcin T wrote:
> Hi
>
> I finally discovered what is the issue here. In appears that in case
> of unsigned applets, the code is unable to access SunJCE provider
>
You need to spend your time on "signing the applet" correctly.
You really don't want to get unsigned applets working by modifying
hi Martin,
As this is not a JSS/NSS/NSPR issue.
Please read:
http://java.sun.com/javase/6/docs/technotes/guides/plugin/
If you have more questions on signing applets I believe your best source
expert information is
to ask in this forum:
http://forums.sun.com/forum.jspa?forumID=63&start=0
>
hi,
You only need to install JSS if your applet or the applet you want to
use requires JSS.
Getting the following URL (you specified) to display correctly over SSL
in FF3 does not require JSS
https://www.java.com/en/download/help/testvm.xml
The SSL connection and applet do not use JSS, so thi
hi,
JSS 4.3 beta requires NSS 3.12 because it is calling new API that was
introduced in NSS 3.12.
JSS 4.2.5 should be able to use NSS 3.12 and have no compatibiltity issues.
You don't state the actual error you're seeing.
Could you send me a private version of your applet and instructions on
h
hi,
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/
google: JSS java applet
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.html
google: firefox java applet
http://kb.mozillazine.org/Java
-glen
joshuaaa wrote:
> On Jun 11, 10:04 am, jo
hello,
Can you ensure that your installation has the ".chk" files in the same
directory as
their corresponding "dlls". meaning libfreebl3.chk libsoftokn3.chk need
to be with libfreebl3.dll libsoftokn3.dll.
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/
http://mxr.m
hi,
you're welcome to create a bug, and JSS is open source so you're also
more than welcome to
provide the suggest code change for review.
Also, if you do find the actual documentation that states "required by the
JCE specification" please include the link in the bug report.
thanks,
glen
Dea
hi,
cannot you not just build the binaries yourself?
http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-release-notes.html#docs
http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html
cvs co -r NSPR_4_7_1_RTM mozilla/nsprpub
cvs co -r NSS_3_12_RTM mozill
hello Abraham,
please open a bug on JSS. Attach stack trace, test program and steps to
recreate.
https://bugzilla.mozilla.org/enter_bug.cgi?product=JSS
I will try to look at your issue then.
>Could I avoid the applet to use the new dll's on
%ProgramFiles%/Mozilla Firefox/ and use the old ver
y.java:148)
Doesn't NSS3.11.4 crypto API support all X.509 stuff?
yes NSS supports x509 but does
Best Regards,
Yevgeniy
-----Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glen Beasley
Sent: Wednesday, June 04, 2008 18:15
To: mozilla's
ry.java:148)
>
> Doesn't NSS3.11.4 crypto API support all X.509 stuff?
>
yes NSS supports x509 but does
> Best Regards,
> Yevgeniy
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glen Beasley
> Sent: Wednesday, June 04, 2008 18
hello,
Your chosen set of operations to be performed is: "DESede/CBC/NoPadding"
DESede is a block cipher and operates on 8-byte blocks. Thus, input to
DESede Cipher with CBC mode and "NoPadding"
scheme should be in multiple of 8 bytes for the encryption/decryption to
succeed.
I was able to ge
Nelson B Bolyard wrote:
joshuaaa wrote, On 2008-05-24 18:35:
I installed jss today and attempted to run a test application with no
luck. I've gone through many previous posts here and read the "using
jss" section multiple times... still haven't figured out what the
problem is. The cryptomana
and the correct version of
http://mxr.mozilla.org/security/source/security/nss/lib/freebl/ecl/ecl-curve.h
JSS assumes you know which ECC version of NSS you're using.
The basic ECC version of NSS only provides:
NIST_P256, NIST_P384, and NIST_521.
-glen
> Bill Price
> "Glen Be
Bill Price wrote:
> Based on the LXR examples on the JSS test page I appear to be able to
> generate Elliptic Curve Pairs. The examples show generation of keys of
> various length. However, I would like to generate key pairs using the
> standard curves recognized by NIST or included in Suite B. The
Dean wrote:
> Hi folks,
>
> I've been trying to use the JSS APIs to encrypt and decrypt data using
> an RSA Cipher
JSS supports RSA for signing (and signature verification) and for
wrapping and unwrapping keys (encrypting and decrypting keys), but not
for encrypting or encrypting of data.
JSS on
Wan-Teh Chang wrote:
> On Fri, Feb 22, 2008 at 2:57 PM, Gatfield, Geoffrey
> <[EMAIL PROTECTED]> wrote:
>
>> Hello,
>>
>> I tried running gmake in the directory and it reported the same error.
>> The shlibsign binary is created but it appears the sign.sh shell script
>> fails. I am building w
Erez wrote:
> Ho can I download Netscape PKCS #11 Test Suite source code?
>
no. there is a status summary explaining why on the netscape PKCS#11
test suite page.
http://www.mozilla.org/projects/security/pki/pkcs11/netscape/
* Tools: The tools regress, reporter, and replacer have yet to
Bill Price wrote:
> It appears that JSS supports elliptic curve signatures. If so, are there any
> documents describing parameters/options or code samples available. Also,
> what JSS versions support EC? Thanks.
>
>
There is no JSS documentation, but you can view code samples in the JSS
test
hi,
Please build nspr/nss/jss AIX yourself.
http://www.mozilla.org/projects/security/pki/jss/jss_build_4.2.5.html -
links to the nspr/nss build instructions.
note: when you build JSS 4.2.5 you do not need to request your own code
signing
certificate. You can build the libjss4.so from the cvs t
> Conclusion is that nss & jss in mixed builds (win9x and winnt) can't work
> together nicely.
>
> If you consider this a bug I am going to report it.
>
>
Thanks for the detail analysis and your conclusion is correct, but the
fact the win9x and winnt builds
don't work together nicely is expec
hello,
JSS is open source and you're capable of building (also contributing
to) JSS yourself.
Please build the WIN95 version yourself.
We provide some binary releases, as a courtesy, to ftp.mozilla.org but
we cannot
provide all releases, nor all variants of all platforms that can be
supported
hi,
I was not able to recreate this issue. I only tested on Solaris, I'll
try other platforms
when I have time. If you still have this issue, please create a bug and
provide as much info as possible.
thanks,
glen
Matej Spiller-Muys wrote:
> Hi,
>
> can someone please confirm the following bug
charan wrote:
> I want to know whether there is any platform independent way to
> initialize and add certificates to cert7.db
>
>
I do hope you mean cert8.db since cert7.db has been obsolete for several
years.
JSS requires NSPR/NSS. your java code is platform independent with the
understandi
Diego Zanga wrote:
> Lo
>
> is there a guide or a complete howto to connect
> pkcs storage of firefox from java?
>
no, but if anybody has time to write one, please do!
many people have managed to do this by combining information from
various existing documentation
on applets and JSS.
http://
Abraham wrote:
> Hi,
>
> I've downloaded the jss latest version (.jar 4.2.5, windows), but the sign
> appears as caduced (older version too). Is this so?
>
I'm not quite sure what "caduced" means but I think you're stating that
if you
run "jarsigner -verify jss4.jar" you get:
jar verified.
Wa
Could you zip up your test class and db then send to my email.
thank you,
glen
David Stutzman wrote:
> I've created a test class and a db to be used with it that shows the
> following issues I get while exporting credentials to PKCS12 files using
> JSS.
>
> 1) FIPS enabled generates PBA key
Abraham wrote:
> Hi all,
>
> I'm using an applet to sign digital documents. The applet code uses jss
> classes and can load firefox keystore without problems configuring user
> system as this reference explains:
>
> http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.htm
hi David,
you should file two bugs:
JSS has different Salt size than NSS for PBE
NSS appears to only handle PBE_SHA1_DES3_CBC for PKCS12
I will try to work on the bugs shortly.
thanks,
glen
David Stutzman wrote:
> David Stutzman wrote:
>
>> I'm generating keys in the softoken and then e
Nelson B wrote:
> Abraham wrote:
>
>
>> I have a problem with client authentication when I try to run an applet. The
>> java plugin requires authentication but shows me a empty list (i suppose it
>> can´t load firefox keystore). Importing certificates with Java Control Panel
>> isn´t a solution
[EMAIL PROTECTED] wrote:
> I am trying to build JSS 4.2.5 with Java 1.4.2 and I am having
> troubles. I printed the the build instructions from the website. When
> I run the build it just thrashes and crashes when it run out of
> memroy. Has anyone been able to successfully build this with Java
> 1
hi,
we support RHEL4 and nightly QA and tinderbox tests on the platform.
http://tinderbox.mozilla.org/showlog.cgi?log=NSS/1188333120.16322.gz&fulltext=1
David Stutzman wrote:
> Wan-Teh,
>
> Thanks for all the advice. I checked out and compiled JSS 4.2.5 along
> with NSS 3.11.4 and NSPR 4.6.4.
[EMAIL PROTECTED] wrote:
> Hi,
>
> there is already a topic which deals with the problem:
> http://osdir.com/ml/mozilla.crypto/2005-07/msg00034.html
>
> Unfortunately the code doesn't work. Here's what I did:
> I used the source code glen beasley posted.
> My
David Stutzman wrote:
> Robert Relyea wrote:
>
>>> The JSS method to create this is:
>>> SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes,
>>> SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[]
>>> messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey
[EMAIL PROTECTED] wrote:
> Does anyone know, how to export an Certificate to PKCS12 with JSS.
> I have found a Code-Sample, but this doesnt work, because the Metho
> privateKey.getEncoded() allways returns null.
>
>
most private keys store on a token do not support encoding and therefore
null i
e notes for JSS 4.2.5.
hope this helps,
glen
> Anders
>
> - Original Message -
> From: "Wan-Teh Chang" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, May 14, 2007 18:46
> Subject: Re: Can't find JSS 4.x
>
>
> Glen Beasley wrote:
>
Anders Rundgren wrote:
> http://www.mozilla.org/projects/security/pki/jss/
>
> The links to the newer releases appear dead.
>
>
ftp://ftp.mozilla.org/pub/mozilla.org/security/jss/releases/JSS_4_2_RTM/
works okay for me? We should be putting JSS 4_2_5 up soon.
> A question: If you would do a Fi
Dennis Sinelnikov wrote:
> Hello,
>
> Is there a way to open more than 1 NSS truststore using JSS?
> Specifically, within the same lifecycle of the java application.
>
At this time no. The database NSS currently uses, can't be used by
multiple processes.
The multiaccess database feature is
Ash wrote:
> On Apr 20, 2:30 pm, Gervase Markham <[EMAIL PROTECTED]> wrote:
>
>> Nelson B wrote:
>>
>>> But I have no idea what version of NSS was used in that version of FF,
>>> and I know of no way to find out, other than to download and install that
>>> version of FF, and then inspect th
hi,
This should be fixed in JSS 4.2.5 which we should release sometime next
month.
https://bugzilla.mozilla.org/show_bug.cgi?id=367235
-glen
j.fabre wrote:
> Hi Manuel,
>
> I had the same problem as you, and my answer at the moment is that I
> have no way to recover the certificates of a tok
Gervase Markham wrote:
> Bruno Telstar wrote:
>
>> Exception in thread "main" java.lang.UnsatisfiedLinkError: no jss4 in
>> java.library.path
>>
>
> It's looking for the .dll, not the .jar. On Linux, one would set
> LD_LIBRARY_PATH to the directory in which the DLL lives. Not sure about
>
Glen Beasley wrote:
> Gervase Markham wrote:
>
>> I've been feeling my way around the JSS API. The "Using JSS" document,
>> the FAQ and the test code are (just) enough to get going. But I've come
>> across several points where the API seems really l
Gervase Markham wrote:
> I've been feeling my way around the JSS API. The "Using JSS" document,
> the FAQ and the test code are (just) enough to get going. But I've come
> across several points where the API seems really low-level. I was
> wondering if I've missed something?
>
> I can go through
Jana Nguyen wrote:
> Hi,
>
> I've been using the NSS pkcs12util to get the credential out of the
> browser in pkcs12 format. But I now need to get the public and
> private key out of pkcs12 and into "PEM" format. Is this possible
> with mozilla tool out there?
>
> Or is it possible for NSS too
Hello Jesús,
What output do you get in the java console related to JSS?
After installing the JSS package you also have to go to Java control
panel, "Advanced tab", under "security", check on the box:
"Use certificate and keys in browser keystore".
http://java.sun.com/j2se/1.5.0/docs/guide/dep
David Stutzman wrote:
Is it possible to create a security DB using JSS? I can't find any
methods that look like they fit. I found mention of something in the
comments of
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/TestKeyGen.java#47
that says:
47 * run the
Igor Delacroix wrote:
Good Day to All
I'm added manually on secmoddb the driver of Aladdin and Rainbow tokens.
when a try do list all tokens inserted i receive just the rainbow tokens.
I'm using jss 4
somebody already had this problem?
what has been done?
Thanks in advance
Igor Delacroix
___
could you please create a JSS bug.
https://bugzilla.mozilla.org/enter_bug.cgi?product=JSS
and enter as much info as possible. Note JSS is open source, since you
have also used NSS, you're welcome to contribute.
-glen
David Stutzman wrote:
I am having basically the same problem as posted by
Nelson B wrote:
David Stutzman wrote:
Hopefully these will be relatively easy questions for you guys. I'm
asking about the internal softtoken.
Is there a max length for a cert nickname?
I think NSS imposes no maximum. I suspect that values longer than
about 15KB will not work. :)
hi,
It appears you are missing NSPR. Getting the build environment on
windows correct is
a pain for anyone the first time, but with some patience it can
certainly be accomplished.
step 3:
cvs co -r NSPR_4_4_1_RTM mozilla/nsprpub
cvs co -r DBM_1_61_RTM mozilla/dbm mozilla/security/dbm
cvs co -
Primo It wrote:
Hi,
I`m trying to do it too.
I want to insert a certificate (a file *.cer selected in the machine) into
the Permanent Certificates DB by the CryptoManager.importCertToPerm(...),
but for it, i need to create an instance of
org.mozilla.jss.crypto.X509Certificate from this selec
David Stutzman wrote:
shinigami wrote:
Hi,
E want install a cert in a db. But my cert when i receive from
outside is a java.security.cert.X509Certificate, and the method
importCertToPerm can´t do it. I need to cast this cert to
org.mozilla.jss.crypto.X509Certificate. Or exist other way to do
1 - 100 of 105 matches
Mail list logo
