On 01/15/2015 02:35 PM, Robert Daniels wrote:
> Ok, I tested this on the latest 0.16 and it works.
>
> Thanks again for the help.
Fabulous, thanks for the feedback.
--
John
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Thursday, January 15, 2015 at 8:46:04 AM UTC-5, John Dennis wrote:
> On 01/15/2015 07:50 AM, Robert Daniels wrote:
> > We are using python-nss 0.12. I will pull the newest and see if that
> > fixes the problem.
>
> Current version is 0.16.0.
>
> Not sure where
On 01/15/2015 07:50 AM, Robert Daniels wrote:
> We are using python-nss 0.12. I will pull the newest and see if that
> fixes the problem.
Current version is 0.16.0.
Not sure where you're pulling it from, the Mozilla site
https://developer.mozilla.org/en-US/docs/Mozilla/P
We are using python-nss 0.12. I will pull the newest and see if that fixes the
problem.
Also on the password callback, just a theory but it could be since it cannot
find the cert, it does not get to the point where it needs the password.
I'll chime back after testing with a newer versi
t were the case you would get a subsequent
error about not have permission to access the key.
What version of python-nss are you using?
> I also notice 2 flavors of the callbacks for password, one taking 2
> parameters and the other 3, which is confusing. find_any_key_bt_cert
> only works
John,
Some additional observations.
If I debug with a breakpoint over the password callback, it's never called when
invoking pkcs12_export, however it is invoked when calling
find_key_by_any_cert.
I also notice 2 flavors of the callbacks for password, one taking 2 parameters
and the other 3,
On Wednesday, January 14, 2015 at 2:36:45 PM UTC-5, Robert Daniels wrote:
> On Wednesday, January 14, 2015 at 11:27:50 AM UTC-5, John Dennis wrote:
> > On 01/14/2015 09:58 AM, Robert Daniels wrote:
> > > Trying as you suggested today, but ran into some other thing which is
> > > puzzling.
> > >
>
On Wednesday, January 14, 2015 at 11:27:50 AM UTC-5, John Dennis wrote:
> On 01/14/2015 09:58 AM, Robert Daniels wrote:
> > Trying as you suggested today, but ran into some other thing which is
> > puzzling.
> >
> > When I call cert = find_cert_from_nickname(nn, pwd) I successfully pull the
> >
On 01/14/2015 09:58 AM, Robert Daniels wrote:
> Trying as you suggested today, but ran into some other thing which is
> puzzling.
>
> When I call cert = find_cert_from_nickname(nn, pwd) I successfully pull the
> server cert.
> I then call find_key_by_any_cert(cert, certpassword) I get an object
Trying as you suggested today, but ran into some other thing which is puzzling.
When I call cert = find_cert_from_nickname(nn, pwd) I successfully pull the
server cert.
I then call find_key_by_any_cert(cert, certpassword) I get an object back
(nss.nss.PrivateKey).
So, presumably the PK exists f
On Tue, 2015-01-13 at 12:25 -0500, John Dennis wrote:
> On 01/13/2015 09:58 AM, Robert Daniels wrote:
> > I also need to serialize private keys in the same fashion. Any hints
> greatly appreciated.
>
> By design NSS prohibits access to private keys therefore you cannot
> serialize private keys.
2 operation.
OpenSSL does permit extracting a key from a PKCS12 file, so once you've
extracted the key/cert to a .p12 file you can use OpenSSL to get the
key. Note, there is no need to use python-nss to extract a cert/key from
a NSS database, you can use the pk12util command line utility
Basically what I'm doing is pulling from the nss store, the private key, server
cert, and the complete CA cert chain and converting to in-memory PEM.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
I also need to serialize private keys in the same fashion. Any hints greatly
appreciated.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Monday, January 12, 2015 at 12:49:36 PM UTC-5, John Dennis wrote:
> On 01/12/2015 08:50 AM, robertdaniels2...@gmail.com wrote:
> > I'm loading certs via python-nss, and need to serialize the format as
> > x509 PEM output. I'm using a mix
On 01/12/2015 08:50 AM, robertdaniels2...@gmail.com wrote:
> I'm loading certs via python-nss, and need to serialize the format as
> x509 PEM output. I'm using a mix of python-nss and openssl.
>
> crypto.dump_certificate does not take a nss.Certificate parameter, so
>
I'm loading certs via python-nss, and need to serialize the format as x509 PEM
output. I'm using a mix of python-nss and openssl.
crypto.dump_certificate does not take a nss.Certificate parameter, so looking
for what is the "best practices" path to achieve this.
Robert
On Fri, 2015-01-09 at 12:10 -0800, Roger Dunn wrote:
> Yes, that was me on both posts... the first one was taking awhile to
> pop up on the grid (overnight), thought it was lost in a black hole.
Your message arrived on the list via posting to the newsgroup. Those
messages often end up in the moder
o be the only exposed api for listing certs in the
> > db. I'm using the ver 0.12 version of python-nss.
> >
> > The function get_cert_nicknames takes a parameter which lists ALL
> > certs, USER certs, CA certs, SERVER certs. I have a mix of user and
> > val
wn to a specific location in
the source code it would help if you included that information. I
located the problematic code:
file: lib/certhigh/certhigh.c
line: 371
function: CollectNicknames
I have no idea why this logic is commented out.
FWIW I did code up a simple python-nss test and reproduce
I need to enumerate the certs in my local store, and in my testing, only user
certs can be enumerated using the get_cert_nicknames api. It also appears to be
the only exposed api for listing certs in the db. I'm using the ver 0.12
version of python-nss.
The function get_cert_nicknames ta
missing definition for "NSSInitParameters". The
reference to this name is in py_nss.h, but i can not actually find
where it is defined in any of the included source code of any of the
required libraries (searched all the code in nss3 and nspr4). Can
anyone provide help on this.
Is this python-nss project actually being maintained? Seems like it
may not be.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On 25/02/11 23:55, John Dennis wrote:
Yes, that's a deficiency. The lack of a project page is part due the
fact I'm the only person supporting the project and the difficulty of
getting the right Mozilla mojo to maintain public pages. So I do
apologize for that, it really should be done.
File an
> You're right on one count, NSS and PKCS11 are large complicated systems.
> NSS actually comprises quite a bit more than PKCS11. PKCS11 is a
> standard promulgated by RSA for managing cryptographic tokens. NSS
> amongst other things provides API's which are compatible with the PKCS11
> API's. NSS
was an algorithm, but I'm starting to thing it is just
a container for algorithm's and so then I must ask what is actually
being used. Maybe I don't need python-nss if the data is just being
encrypted using some standard algorithm (wrapped up in NSS or
PKCS#11) which python already has
and
> > so I've been researching how to do this.
>
> > I found references to a python package python-nss which is available
> > in RPM format, but I'm using Debian and having trouble actually
> > finding something pre-compiled. I downloaded the source code for th
x27;m going to send my data
to a public server, but in my case not necessary. I wanted to try to
decrypt the information to see what it was storing in the database and
so I've been researching how to do this.
I found references to a python package python-nss which is available
in RPM format, but
erver, but in my case not necessary. I wanted to try to
decrypt the information to see what it was storing in the database and
so I've been researching how to do this.
I found references to a python package python-nss which is available
in RPM format, but I'm using Debian and having t
28 matches
Mail list logo
