RE: Can't unwrap key into NSS in FIPS mode

2009-01-02 Thread David Stutzman
My only guess as to the source of that number is that NSS is reporting the size in bytes (16) to Java. That key was put into the db as a 128-bit key.

-Original Message-
> SunPKCS11-NSSfips AES secret key, 16 bits (id 3126949473, token object,
> sensitive, extractable)

16 bits?

Re: Can't unwrap key into NSS in FIPS mode

2008-12-31 Thread Nelson B Bolyard
David Stutzman wrote, On 2008-12-31 11:30:
> If I wrap/unwrap with a token object RSA key, I get a different error
> trying to encrypt with the unwrapped AES key:
>
> RSA key from NSS DB: SunPKCS11-NSSfips RSA private key, 2048 bits (id
> 2464323849, token object, sensitive, extractable)
> pulled

RE: Can't unwrap key into NSS in FIPS mode

2008-12-31 Thread David Stutzman
If I wrap/unwrap with a token object RSA key, I get a different error trying to encrypt with the unwrapped AES key: RSA key from NSS DB: SunPKCS11-NSSfips RSA private key, 2048 bits (id 2464323849, token object, sensitive, extractable) pulled sym key out of keystore? SunPKCS11-NSSfips AES secret

RE: Can't unwrap key into NSS in FIPS mode

2008-12-31 Thread David Stutzman
Nelson, I wonder if anything from this thread has any bearing here as you describe some FIPS restrictions: http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/a5d22af274d36c6a?pli=1 I've been trying to help out Alex in the Sun forums and pointed him over here with this is

Re: Can't unwrap key into NSS in FIPS mode

2008-12-22 Thread alex . agranov
> Are you sure this is not coming from the cipher.unwrap call?
> If you add a line of code to print info about the unwrapped key,
> does it show that key to be in the NSS token?

Actually, the cipher.unwrap call passes fine, but when I print the unwrappedKey - it looks like a secretKeySpec rather t

Re: Can't unwrap key into NSS in FIPS mode

2008-12-22 Thread Nelson B Bolyard
alex.agra...@gmail.com wrote, On 2008-12-21 08:02:
> I'm working with NSS from JAVA (via JAVA 6 PKCS11 provider on RHEL 5).
> My NSS database is configured for FIPS-140 mode. And I try to wrap/
> unwrap AES key with RSA public/private key pair as follows:
>
> // open NSS keystore
> char[

Can't unwrap key into NSS in FIPS mode

2008-12-21 Thread alex . agranov
Hi, I'm working with NSS from JAVA (via JAVA 6 PKCS11 provider on RHEL 5). My NSS database is configured for FIPS-140 mode. And I try to wrap/ unwrap AES key with RSA public/private key pair as follows: // open NSS keystore char[] nssDBPassword = {'f', 'i', 'p', 's', '1', '4', '0', '-',