Re: PKCS12 problem with JSS

2007-11-15 Thread David Stutzman
I was looking at how the password was getting converted to bytes today. The PKCS12 spec (downloaded from http://www.rsa.com/rsalabs/node.asp?id=2138, page 14) says the password bytes are BMPStrings with a null terminator and no byte order marks. It shows a sample password of "Beavis" and the byte

Re: PKCS12 problem with JSS

2007-11-06 Thread Glen Beasley
Could you zip up your test class and db then send to my email.
thank you,
glen
David Stutzman wrote:
> I've created a test class and a db to be used with it that shows the
> following issues I get while exporting credentials to PKCS12 files using
> JSS.
>
> 1) FIPS enabled generates PBA key

Re: PKCS12 problem with JSS

2007-11-06 Thread David Stutzman
I've created a test class and a db to be used with it that shows the following issues I get while exporting credentials to PKCS12 files using JSS.
1) FIPS enabled generates PBA key error (this issue was first mentioned in a separate thread)
2) 4 of the 8 PBEAlgorithms won't export the EPKI (tho

Re: PKCS12 problem with JSS (more info again)

2007-10-23 Thread David Stutzman
I did a lot of playing around yesterday. I added a note to the bug showing where the 16 byte salt is set as a #define and used no matter what algorithm is passed in from JSS. Unfortunately that didn't help out with decrypting the key. What I have determined is that if JSS creates an EPKI stru

Re: PKCS12 problem with JSS (more info)

2007-10-19 Thread David Stutzman
Per Nelson and Glen I filed https://bugzilla.mozilla.org/show_bug.cgi?id=400404. I know you said there are 2 separate issues but I think the first issue (incompatible PKCS12 files) is caused by the second (salt sizes for PBEAlgs) so I only filed the one bug. Based on my testing I think as l

Re: PKCS12 problem with JSS (more info)

2007-10-19 Thread David Stutzman
Nelson B wrote:
> The first issue is (apparently) that PKCS#12 files created with JSS
> that use an algorithm other than PBE_SHA1_DES3_CBC are unreadable by
> OpenSSL. The bug should be filed against JSS. Please include code
> and steps by which the problem can be reproduced.
Do I hardcode a key

Re: PKCS12 problem with JSS (more info)

2007-10-18 Thread Nelson B
David, I agree with Glen that there are (at least) two separate issues here, and that bugs should be filed on both of them. The first issue is (apparently) that PKCS#12 files created with JSS that use an algorithm other than PBE_SHA1_DES3_CBC are unreadable by OpenSSL. The bug should be filed aga

Re: PKCS12 problem with JSS (more info)

2007-10-18 Thread Glen Beasley
hi David,
you should file two bugs:
JSS has different Salt size than NSS for PBE
NSS appears to only handle PBE_SHA1_DES3_CBC for PKCS12
I will try to work on the bugs shortly.
thanks,
glen
David Stutzman wrote:
> David Stutzman wrote:
>
>> I'm generating keys in the softoken and then e

Re: PKCS12 problem with JSS (more info)

2007-10-18 Thread David Stutzman
David Stutzman wrote:
> I'm generating keys in the softoken and then exporting them to PKCS12
> files with their freshly issued certs. I get the private key using the
> getEncryptedPrivateKeyInfo method of CryptoStore.
>
> This epki is reporting a 16 byte salt but when I ask the algorithm for