Re: Rus GOST 89

2009-09-15 Thread Nelson B Bolyard
On 2009-09-15 07:47 PDT, Andreev Konstantin wrote: Hello. I am currently in the process of adding support for GOST algorithms (RFC 4357,4490,4491) into the NSS. At this moment I implemented GOST hashing and GOST signature verification algorithms in the NSS. This works throughout the whole

Re: Rus GOST 89

2009-09-13 Thread Nelson B Bolyard
On 2009-09-13 06:26 PDT, Frank Hecker wrote: However since all the relevant code was contributed by Cryptocom, all we need to do is to ask permission from Cryptocom to be able to use the source files in NSS under the NSS licensing arrangements (i.e., the MPL/GPL/LGPL tri-license). Since

Re: Rus GOST 89

2009-09-12 Thread Nelson B Bolyard
On 2009-09-12 03:52 PDT, Martin Paljak wrote: On 12.09.2009, at 2:43, Nelson Bolyard wrote: 3. The PKCS#11 crypto API standard must be amended to have one or more mechanisms defined for doing GOST encryption and decryption in CBC mode. This definition must be proposed to the PKCS#11

Re: Help about NSS and Windows

2009-09-03 Thread Nelson B Bolyard
On 2009-09-03 02:23 PDT, Amine wrote: Well, I'll try to be very precise this time. I am writing a little Java program that uses an NSS Internal PKCS#11 Module for signing. Am using Win XP, service pack 3 and, for now, no Visual C++ is installed. So am using the JSS 4.2 that uses NSPR

Re: testing pkcs#11 module with NSS?

2009-09-02 Thread Nelson B Bolyard
On 2009-09-01 06:00 PDT, Klaus Heinrich Kiwi wrote: On 08/31/2009 11:07 PM, Nelson B Bolyard wrote: On 2009-08-31 14:49 PDT, Klaus Heinrich Kiwi wrote: Is it possible/feasible to configure NSS to use an external PKCS#11 provider and run the test suite to check if everything is running fine

Re: testing pkcs#11 module with NSS?

2009-08-31 Thread Nelson B Bolyard
On 2009-08-31 14:49 PDT, Klaus Heinrich Kiwi wrote: Is it possible/feasible to configure NSS to use an external PKCS#11 provider and run the test suite to check if everything is running fine? Yes, certainly. First, tell us 1) what crypto functions you expect to offload to the external PKCS#11

Re: x509 certificate signature algorithm question

2009-08-19 Thread Nelson B Bolyard
On 2009-08-19 15:12 PDT, David Keeler wrote: Wan-Teh Chang wrote: I think rsa encryption is a public key algorithm, where as sha1 with rsa encryption is a signature algorithm. Thank you for the quick response. This isn't quite what I was getting at, though. I guess my question really

Re: How can I tell what key strength is used to negotiate HTTPS content encryption keys?

2009-08-19 Thread Nelson B Bolyard
On 2009-08-19 11:30 PDT, Justin wells wrote: Hi all, When I visit an HTTPS link I can see what strength of encryption is used to encrypt the content (e.g., 256 bit AES) and if I dig a little I can even see the strength of the certificate used for authentication (e.g., 1024 bit RSA). What I

Re: Problem with using crypto accelerator MCA6000 for RSA jobs

2009-08-19 Thread Nelson B Bolyard
On 2009-08-19 06:30 PDT, Rishi wrote: OK, we have made some progress, we could disable the softtoken by commenting the line softtoken_extra.so in mca.conf in /kernel/drv/. Now we got an SSL handshake error bad MAC. This we thought would be because the crypto card does not support hashing

Re: Error using Forcehandshake

2009-08-17 Thread Nelson B Bolyard
On 2009-08-17 06:12 PDT, Rohit wrote: Hello, We are trying to use NSS to validate various SSL parameters of a server, such as ciphers supported, certificate expiry, domain name check and so on. We are using SSL_ForceHandshake function which is failing, by giving error

Re: Problem with using crypto accelerator MCA6000 for RSA jobs

2009-08-12 Thread Nelson B Bolyard
On 2009-08-12 03:43 PDT, Rishi Renjith wrote: Hello, I tried creating a NSS database, linking it with crypto card and connecting using apache mod_nss. Everything works fine, except that the *rsaprivate *jobs are not getting increased in the kstat of the card. This is essentially the same

Re: Extrace Mozilla trusted certs into PEM files?

2009-08-11 Thread Nelson B Bolyard
On 2009-08-10 10:24 PDT, Georgi Guninski wrote: On Mon, Aug 10, 2009 at 09:44:55AM -0700, Nelson B Bolyard wrote: https://developer.mozilla.org/en/Mozilla_Source_Code_Via_CVS#CVS_Client_Settings These instructions don't show the use of ssh. I'm not sure that the combination of anonymous

Re: SSL input filter read failed error for apache with mod_nss

2009-08-11 Thread Nelson B Bolyard
On 2009-08-11 07:11 PDT, Rishi Renjith wrote: Hello, The issue with the dummy DB was that some permissions to some files in it were not given. I did a chmod 777 to all files and now the dummy DB seems to be working fine. I still don't know what a dummy DB is, but I'm glad you got past it.

Re: Why do we need JSS?

2009-08-11 Thread Nelson B Bolyard
On 2009-08-11 18:43 PDT, JamesH wrote: I have some confusion with regard to JSS due to the lack of proper documentation. Looks like JDK 6 can talk to NSS natively with this configuration: http://java.sun.com/developer/technicalArticles/J2SE/security/#2 If that's the case, why do I need

Re: Extrace Mozilla trusted certs into PEM files?

2009-08-10 Thread Nelson B Bolyard
On 2009-08-10 01:52 PDT, Georgi Guninski wrote: On Fri, Aug 07, 2009 at 04:29:40PM -0700, Nelson Bolyard wrote: OK, so do a cvs checkout over ssh instead. how do i do this? (i don't have a cvs account on .m.o) You may use anonymous cvs to pull the source. # setenv CVSROOT

Re: Extrace Mozilla trusted certs into PEM files?

2009-08-05 Thread Nelson B Bolyard
On 2009-08-05 17:05 PDT, Eddy Nigg wrote: There's a perl script to extract all the data from the certdata.txt file. You can find it at http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt . LOL, that was quick, but I beat you by a few seconds ;-) Thanks, Eddy and Kyle. Wan-Teh,

Re: having problem with nsICertOverrideService.RememberValidityOverride()

2009-07-30 Thread Nelson B Bolyard
On 2009-07-28 10:41 PDT, Grant Gayed wrote: (originally posted on the mozilla.dev.security group, was suggested to post here as well) Yeah, this is the right place. I work on the SWT Browser, which embeds XULRunner. I've been stuck on a problem for a while now, and would really appreciate

Re: Samrt Cards + javscript

2009-07-30 Thread Nelson B Bolyard
On 2009-07-28 12:53 PDT, sudha panchag wrote: Hi I am trying to write a program to communicate to a smart card (Athena) when connected. The program must generate certificate requests and also generate key pair. I have been following the window.crypto functions and it is able to generate a

Re: cert_override.txt broken in XULRunner 1.9.1? (or maybe wildcard certs)

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 13:02 PDT, Eddy Nigg wrote: On 07/30/2009 10:22 PM, Drew: I just upgraded to XULRunner 1.9.1, and my application is now no longer accepting my cert_override.txt. If I change my application.ini to use 1.9.0.11, it works fine. I'm using a wildcard certificate (signed by GoDaddy)

Re: cert_override.txt broken in XULRunner 1.9.1? (or maybe wildcard certs)

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 14:21 PDT, Nelson B Bolyard wrote: On 2009-07-30 13:02 PDT, Eddy Nigg wrote: On 07/30/2009 10:22 PM, Drew: I just upgraded to XULRunner 1.9.1, and my application is now no longer accepting my cert_override.txt. If I change my application.ini to use 1.9.0.11, it works fine

Re: cert_override.txt broken in XULRunner 1.9.1? (or maybe wildcard certs)

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 15:50 PDT, Drew wrote: Thank you both for your quick reply. I've gotten it working with a CNAME at the correct subdomain level. Out of curiosity, what's the CA and client support for SubjectAltName at this time? All major desktop browsers have supported SANs for years, IINM.

Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 19:04 PDT, Howard Chu wrote: As far as I can see, CERT_VerifyCertName() is still vulnerable to the embedded NUL hack that was recently published here http://www.wired.com/threatlevel/2009/07/kaminsky/ and on slashdot. Yet some comments in the discussion say that Firefox 3.5 is

Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 19:46 PDT, Ian G wrote: On 31/7/09 04:29, Nelson B Bolyard wrote: ... So, a name with a NULL in it will appear as something like www.mybank.com\00*.badguy.org There must be something I am missing. Since when is a NULL a legal character in a domain? Read the article

Re: Clarification of NSS's soft token key protection scheme

2009-07-19 Thread Nelson B Bolyard
On 2009-07-19 13:43 PDT, Anders Rundgren wrote: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf I hope this document describes this correctly. If so, it verifies my guess that NSS does use any operating-system tricks to protect soft keys. NSS does NOT use any

Re: CRMF encoding issues with window.crypto.generatedCRMFRequest()

2009-07-17 Thread Nelson B Bolyard
On 2009-07-17 17:40 PDT, Daniel Veditz wrote: Moving discussion to mozilla.dev.tech.crypto, but do go ahead and file bugs. I doubt 3.5 behaves any differently than 3.0 (you did mean 3.0.10, right? If you're using Firefox 2 please stop). nk wrote: Hi all, I am researching the

Re: Firefox? Re: Secret Storage API specification project

2009-07-12 Thread Nelson B Bolyard
On 2009-07-12 05:51 PDT, Anders Rundgren wrote: This is an interesting project. What's not completely obvious is how this relates (or could relate) to for example Firefox. I must confess that I know absolutely nothing about NSS but I assume that the soft-token uses obfuscation and an

Re: Renaming cert on import (or using certutil)

2009-07-09 Thread Nelson B Bolyard
On 2009-07-08 22:37 PDT, Michael Kaply wrote: I'm importing a code signing cert into my database using pk12util, but it gets assigned a random alias: e33eb463-ddba-4895-9469-bfdd01c71fe2 That's a Microsoft Windows GUID. The most likely cause of this is that you exported the cert and

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Nelson B Bolyard
On 2009-07-07 00:33 PDT, Anders Rundgren wrote: The naked truth is that provisioning of TPMs is not supported by any generally established protocols or APIs (at least using TPM methods), but this is also a fact for smart cards since there is no way you can policy-define/set PIN-codes using for

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Nelson B Bolyard
On 2009-07-07 12:50 PDT, Peter Djalaliev wrote: I should start by saying that a TPM's functionality is not equivalent to that of other hardware tokens, such as smart cards. A TPM only provides a subset of the functionality of a regular PKCS#11 token. Some provide more than others. I have

Re: PKCS#11 Module for TPM availiable

2009-07-06 Thread Nelson B Bolyard
On 2009-07-06 07:41 PDT, Martin Schneider wrote: I want to use certificates which according private key is protected inside a Trusted Platform Module and use these Certificates for client side authentication towards a web based service running on an Apache. As far as I understand, there

Re: Moving browser PKI forward (Re: Problem reading certificate from hardware token)

2009-07-05 Thread Nelson B Bolyard
On 2009-07-05 05:57 PDT, Martin Paljak wrote: The problem is that an average user thinks like this: password is something like 'topsecret123', PIN code is something like '1234', I'm asked for a password, let me see, which passwords I know that I might type here... More experienced

Re: Problem reading certificate from hardware token

2009-07-05 Thread Nelson B Bolyard
On 2009-07-04 04:31 PDT, Eddy Nigg wrote: On 07/04/2009 02:20 PM, Anders Rundgren: It's not a good idea to place the CA certificate on the token because I think it is Firefox that's confusing. Sure, it's a bug. If the CA root is trusted in the software security device, its trust bits

Re: Moving browser PKI forward (Re: Problem reading certificate from hardware token)

2009-07-04 Thread Nelson B Bolyard
Martin, I want to read your full message and respond fully later this weekend, but right now I just want to try to clarify a couple things. FYI, to make sense to users of eID cards currently one has to embed the word PIN into the token description as well, so that the prompt that Firefox

Re: Moving browser PKI forward (Re: Problem reading certificate from hardware token)

2009-07-04 Thread Nelson B Bolyard
On 2009-07-04 04:19 PDT, Ian G wrote: Some remarks. On 4/7/09 12:18, Martin Paljak wrote: Firefox displays a Please enter password for ... dialog, which is ambiguous for casual users who need to be said very clearly when they need to enter the PIN of 4 or more digits. Right now my Firefox

Re: W3C Terminates XHTML2

2009-07-03 Thread Nelson B Bolyard
On 2009-07-03 08:39 PDT, Anders Rundgren wrote: This demonstrates that standardization is an option but an increasingly difficult option as well in an ever faster-moving world: http://www.w3.org/2009/06/xhtml-faq.html Does it? It appears to me that this is the standards body pruning the tree

Re: client certificate JSS keystore

2009-07-03 Thread Nelson B Bolyard
On 2009-07-03 10:52 PDT, Dmitriy Varnavskiy wrote: I have run several tests of JSS on Linux - they all worked fine so seems JSS is correctly installed. But when I am launching my app java for some reason is not using certificates in firefox keystore. Thanks for being patient. Our JSS expert

Re: Moving browser PKI forward (Re: Problem reading certificate from hardware token)

2009-07-03 Thread Nelson B Bolyard
On 2009-07-03 00:30 PDT, Martin Paljak wrote: Some constructive suggestions; mostly for Firefox: 1. Use platform API-s where appropriate: cryptoapi (and basecsp via this) on windows; cdsa/keychain on macosx. Regardless of who does it, this triples/quadruples the amount of work to be done

Re: Moving browser PKI forward (Re: Problem reading certificate from hardware token)

2009-07-03 Thread Nelson B Bolyard
On 2009-07-03 05:29 PDT, Ian G wrote: We desperately need some form of whitelisting in Firefox so that each site always gets presented the same cert. If browsers can remember cookies and username/passwords, then they can remember cert/domain combinations. This goes double for Thunderbird

Re: Problem reading certificate from hardware token

2009-07-03 Thread Nelson B Bolyard
On 2009-07-03 04:33 PDT, Udo Puetz wrote: What we've found out now is this: there is no CA certificate on the token. And it seems that firefox needs the CA and the user certificate from the same place: I don't believe it is true that Firefox requires both to be in the same token. If I

Re: Problem reading certificate from hardware token

2009-07-02 Thread Nelson B Bolyard
On 2009-07-02 02:58 PDT, Udo Puetz wrote: I want to authenticate against a juniper SA 2500 firewall with a user and password AND a certificate. I have a safenet iKey 1032 token where I imported the p12 certificate. In firefox (tried 2.0.x, 3.0.x and 3.5.x) I imported the safenet K1PK112.DLL

Re: Problem reading certificate from hardware token

2009-07-02 Thread Nelson B Bolyard
On 2009-07-02 12:17 PDT, Anders Rundgren wrote: If you want to use Hardware tokens, PKCS #11, and Firefox you either must be nuts, a masochist, very smart, or highly committed. For ordinary users it makes little sense. Hardware tokens: there are any number of different types PKCS #11: the

Re: S/MIME in Thunderbird

2009-06-30 Thread Nelson B Bolyard
On 2009-06-30 07:39 PDT, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: Does this assume LDAP for acquiring the certificate without a signed S/MIME message? (So it is only relevant in corporate setting?) No. There are many ways to get a cert for an email correspondent. There is only

Re: client certificate JSS keystore

2009-06-26 Thread Nelson B Bolyard
On 2009-06-26 04:13 PDT, Dmitriy Varnavskiy wrote: I am deploying javaws application that uses client certificate for authentication. It is starting with jnlp ref from web page that also uses client certificate. So, needed certificate presents in browser on client machine. For application I

Re: clarifications on TLS extension Certificate Status Request

2009-06-25 Thread Nelson B Bolyard
On 2009-06-22 12:05 PDT, Nagendra Modadugu wrote: I am currently implementing the Certificate Status Request extension (RFC4366) for NSS. The primary use of this implementation will be OCSP verification of certificates presented by SSL websites. For the general Internet context, I am unable

Re: Unable to add softokn3.dll to secmod.db

2009-06-25 Thread Nelson B Bolyard
On 2009-06-25 18:25 PDT, Sudarshan Gaikaiwari wrote: I am trying to configure NSS on a Windows 2003 machine to work as a JCE provider under Java 6 in the FIPS mode. I am using the instructions http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS However I am unable

Re: S/MIME in Thunderbird

2009-06-24 Thread Nelson B Bolyard
On 2009-06-21 03:24 PDT, Ian G wrote: On 19/6/09 15:36, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: if you send an encrypted message to someone from whom you have never received a signed S/MIME message, you will use weak encryption. Does this assume LDAP for acquiring

Re: Firefox3.5 support for NSS version

2009-06-23 Thread Nelson B Bolyard
Hanseong Ryu wrote: Do Firefox3.5 support for NSS version like NSS 3.xx.x in detail ? I believe your question is: What version of NSS is found in Firefox 3.5 (in the current release candidate)? The answer is found here:

Re: Does NSS support non-blocking sockets?

2009-06-19 Thread Nelson B Bolyard
On 2009-06-19 12:48 PDT, Rich Megginson wrote: Does NSS support non-blocking sockets? Yes. I'm running into a problem while using NSS with non-blocking sockets. I have my own PR_Recv function that does something like this: Although you called it a PR_Recv function, I gather that it is

Re: Does NSS support non-blocking sockets?

2009-06-19 Thread Nelson B Bolyard
I wrote: SSL_ForceHandshake is like a PR_Read or PR_Write call except that it transfers to data. make that transfers NO data. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: referral links to developer.mozilla.org

2009-06-17 Thread Nelson B Bolyard
On 2009-06-17 03:44 PDT, Gervase Markham wrote: On 15/06/09 18:18, Glen Beasley wrote: I can do the same for the NSS and NSPR? The wisest thing to do would be to complete the migration and then put a redirect in place. Is anyone actively working on migrating the remaining content?

Re: SHA-1 collisions now 2^52

2009-06-11 Thread Nelson B Bolyard
On 2009-04-30 15:49 PDT, I wrote: SHA-1 has taken a significant hit. See http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf That URL was for a set of 4 slides that were presented at a conference. They didn't reveal much detail. Now, the paper revealing the details has

Re: NSS, AIA, Bridge

2009-06-05 Thread Nelson B Bolyard
On 2009-06-05 03:16 PDT, Néric wrote: Hi Nelson, First of all, thank you very much for your time and for the quality answers. I’ve understood everything except but one thing: Did you really mean that I could have 2 versions of NSS on my computer? One for Debian and one specific to Mozilla

Re: When can we call SSL_PeerCertificate?

2009-06-04 Thread Nelson B Bolyard
On 2009-06-03 19:16 PDT, Wan-Teh Chang wrote: That means that you always put the cert and its chain into the client's cache, and cache the negotiated SSL session, where it will be restarted by future attempts to connect to the same host/port. This seems inadvisable. Yes, that's an issue.

Re: When can we call SSL_PeerCertificate?

2009-06-04 Thread Nelson B Bolyard
On 2009-06-04 16:55 PDT, Wan-Teh Chang wrote: On Thu, Jun 4, 2009 at 1:15 PM, Nelson B Bolyard nel...@bolyard.me wrote: There is a similar function for suspending and restarting the SSL handshake processing at another point where there may be long delays, namely, when the user needs

Re: NSS, AIA, Bridge

2009-06-04 Thread Nelson B Bolyard
On 2009-06-04 02:23 PDT, Néric wrote: Context: I am working on PKI cross certification using a PKI bridge. To fetch missing certificates, I use the following AIA certificate extension: CA Issuer: URI : http://_...@ftp_server__/.../bundle.p7c where bundle.p7c contains the missing

Re: issue with a lot of certificates and keys in DB

2009-06-03 Thread Nelson B Bolyard
On 2009-06-03 07:02 PDT, David Stutzman wrote: I have a DB that has just shy of 7000 keys/certs in it. From the command line using certutil -L takes ~5 mins or so and then finally starts showing output all at once after the delay. It ends up using 80-90MB of ram (according to task

Re: S/MIME in Thunderbird

2009-06-03 Thread Nelson B Bolyard
On 2009-06-01 12:07 PDT, Andrew Manore wrote: I'm not able to see what encryption algorithms Thunderbird 2.0.x is using. From what I've been able to tell (through downloading the encrypted message into Microsoft Outlook), Thunderbird is using 3DES encryption with SHA-1 hashes. Thunderbird

Re: When can we call SSL_PeerCertificate?

2009-06-03 Thread Nelson B Bolyard
On 2009-06-02 11:17 PDT, Wan-Teh Chang wrote: This message is long. Please bear with me. A mere 73 lines. :) On 2008-12-18, Dan Kegel reported in this thread that we can't call SSL_PeerCertificate after the bad-certificate callback function returns because the peer certificate has been

Re: KEYGEN tag - documentation

2009-05-31 Thread Nelson B Bolyard
On 2009-05-31 07:17 PDT, Jan Schejbal wrote: I was playing around with the KEYGEN html tag, but I did not find any documentation on how the generated keys can be accessed. key3.db is growing, so the keys are probably saved, but is there some UI to view/manage/export/delete such keys in

Re: Roots that are identical except for signature algorithm and serial number

2009-05-29 Thread Nelson B Bolyard
On 2009-05-28 13:09 PDT, Frank Hecker wrote: Nelson B Bolyard wrote: An SSL server that sends out a full chain with a SHA256 root could conceivably cause a problem for a remote SSL client that does not understand SHA256 signatures and that chooses to check the signature on the received root

Re: how to sign CRMF/SPKAC using openssl

2009-05-29 Thread Nelson B Bolyard
On 2009-05-28 21:51 PDT, tito wrote: I am making a CA site for my college project purpose. I learned that different browsers use different methods to generate CSR. Making CSR in IE was easy. For vista systems I used CertEnroll.dll methods and for non-vista IE I used xenroll.dll. I generated CSR

Re: Roots that are identical except for signature algorithm and serial number

2009-05-29 Thread Nelson B Bolyard
On 2009-05-29 09:22 PDT, Rick Andrews wrote: On May 28, 3:12 pm, Nelson B Bolyard nel...@bolyard.me wrote: On 2009-05-28 10:52 PDT, Kathleen Wilson wrote: Just to make sure I understand… In the VeriSign case the MD2 roots expire on 2028-08-01, and the SHA1 roots expire on 2028-08-02, so

Re: Roots that are identical except for signature algorithm and serial number

2009-05-27 Thread Nelson B Bolyard
(Sorry for the apparent tardiness of this reply. I wrote it the day that I read Frank's message, and thought I sent it, but evidently did not send it until today.) Frank Hecker wrote, On 2009-05-22 07:24 PDT: So, just to clarify: I *think* you're proposing that we do the following in cases

Re: Roots that are identical except for signature algorithm and serial number

2009-05-27 Thread Nelson B Bolyard
Rob Stradling wrote, On 2009-05-27 01:35: Frank, Nelson, just in case it's useful... I recall that GlobalSign recently refreshed their GlobalSign Root CA: https://bugzilla.mozilla.org/show_bug.cgi?id=406794 When the new GlobalSign Root CA certificate (which expires in 2028) was added to

Re: New root certificates and Thunderbird

2009-05-27 Thread Nelson B Bolyard
Rolf Lindemann wrote, On 2009-05-24 09:52 PDT: Do you know which version of Thunderbird will get the NSS version containing the new root certificates? No. I would hope that the upcoming Thunderbird 3 release would include them, but I cannot say with any certainty that it will. This might be

Re: PR_Read fails second time on Solaris 8

2009-05-27 Thread Nelson B Bolyard
Vinu wrote, on 2009-05-27 15:26 PDT: The server sends the data and then closes the connection (because we use HTTP Connection:close and not Keep-Alive). But shouldn't PR_Read return the entire data and then only return 0 (because the connection is closed). How can it return 0, before all the

Re: Pending roots and EV enablements

2009-05-21 Thread Nelson B Bolyard
I'm happy to report that the NSS changes were committed today to the source repository from which FF 3.5 will be built. The changes made it in just under the wire (at the last moment). I'm thankful to all the people who helped make that happen. However, It appears that the PSM changes, enabling

Re: Pending roots and EV enablements

2009-05-18 Thread Nelson B Bolyard
There are 9 NSS bugs requesting new root CA certs and/or changes to trust flags on existing root CA certs in NSS. See them at

Re: Pending roots and EV enablements

2009-05-18 Thread Nelson B Bolyard
Eddy Nigg wrote, On 2009-05-18 18:38 PDT: I'll create also the missing patch for Cybertrust and/or upon advise a mega patch of all EV enablements. Errr...please advise :-) Thanks Eddy. I see you've already produced patches for 4 of those 6 bugs. Patches for the remaining two would also be

Re: Accessing current URI within nsCrypto::importUserCertificates()

2009-05-16 Thread Nelson B Bolyard
Gaurav Aggarwal wrote, On 2009-05-16 15:55: I want to put some additional checks in nsCrypto::importUserCertificates() function. For these checks, I want to access the URI of the script that called this function (originating URI) and the URI of the parent page (host URI). Could anyone

Re: failed to generate key using window.crypto.generateCRMFRequest() method

2009-05-15 Thread Nelson B Bolyard
Subrata Mazumdar wrote, On 2009-05-14 20:53: I just have another question. According to the source code (http://mxr.mozilla.org/security/source/security/nss/lib/cryptohi/secsign.c#92) signing with EC key is disabled irrespective of underlying security device. What about if I am using a

Re: a minor nit-pick with certutil

2009-05-15 Thread Nelson B Bolyard
kashyap wrote, On 2009-05-15 00:57: Hi, *-W* option (to change password of the key database) is not listed when we do a certutil -H. But the functionality does work fine, if we try to change an existing password of the nss key database by using *certutil -W -d

Re: failed to generate key using window.crypto.generateCRMFRequest() method

2009-05-14 Thread Nelson B Bolyard
Kaspar Brand wrote, On 2009-05-13 22:16: Subrata Mazumdar wrote: As I have said in the earlier message, I have no problem in generating EC key-pair. I get error when I try to sign the request using the private key. Maybe you're falling prey to this bug?

Re: failed to generate key using window.crypto.generateCRMFRequest() method

2009-05-13 Thread Nelson B Bolyard
Subrata Mazumdar wrote, On 2009-05-13 06:45 PDT: The key generation now works for RSA and DSA key types but it still fails for EC key type. else if (keyType == dsa) { keyGenAlg = dsa-sign-nonrepudiation; keyParams = null; } That's strange. Your DSA test code should

Re: Pending roots and EV enablements

2009-05-13 Thread Nelson B Bolyard
Gervase Markham wrote, On 2009-05-13 14:46: On 11/05/09 20:32, Nelson B Bolyard wrote: Ideally, one could tell Tryserver to Take Firefox source from the current branch for FF 3.0.x or FF 3.5 (from CVS or Hg, as appropriate), plus NSS from CVS tag X, plus this small patch, and build

Re: failed to generate key using window.crypto.generateCRMFRequest() method

2009-05-13 Thread Nelson B Bolyard
Subrata Mazumdar wrote, On 2009-05-13 17:58: Nelson B Bolyard wrote: That's strange. Your DSA test code should NOT have worked. I wonder how it could have worked, given that you supplied no params. According to the source code (http://mxr.mozilla.org/mozilla-central/source/security

Re: Finding certificate extension using Object Identifier

2009-05-13 Thread Nelson B Bolyard
Gaurav Aggarwal wrote, On 2009-05-13 20:07 PDT: I was trying to find a custom extension using its object identifier (in decimal) : 1, 3, 6, 1, 5, 5, 7, 1, 100. It seems to me that only CERT_FindCertExtension() function is public. If you would like to see CERT_FindCertExtensionByOID be

Re: Fwd: Has any public CA ever had their certificate revoked?

2009-05-12 Thread Nelson B Bolyard
Frank Hecker wrote, On 2009-05-12 11:32: Paul Hoffman wrote: Peter Gutmann asked on a different mailing list: Subject says it all, does anyone know of a public, commercial CA (meaning one baked into a browser or the OS, including any sub-CA's hanging off the roots) ever having their

Re: Pending roots and EV enablements

2009-05-11 Thread Nelson B Bolyard
On May 11, 2009 at 8:44 AM PDT, Eddy Nigg eddy_n...@startcom.org wrote: There are quite some roots which should be included and nobody seems to be working on it. Can Nelson or somebody advise if to provide patches for those roots or not? Changes to the built-in root CAs, or the list of

Re: Cache CRL SSL Test is Failing

2009-05-11 Thread Nelson B Bolyard
Glen Beasley wrote, On 2009-05-11 14:01: John Smith wrote: Hi: *Glen*: Wow, you managed to match that bug to my problem, even though the test numbers are totally different (as per what Nelson said)! It's not terribly important that all tests pass for my purposes, so I think I will wait

Re: After Importing a p12 file, certificate does not show in the certificate list

2009-05-09 Thread Nelson B Bolyard
Kaspar Brand wrote, On 2009-05-07 22:22: Nelson B Bolyard wrote: Please provide a URL for the bugzilla bug that you filed. It was evidently filed in a different bugzilla than mozilla.org's. It's bug 491698, actually, and NSS's PKCS#12 decoder seems to have a problem with it. The contents

Re: Cache CRL SSL Test is Failing

2009-05-07 Thread Nelson B Bolyard
John Smith wrote, On 2009-05-07 15:00 PDT: I downloaded the NSS 3.12.3 and NSPR 4.7.4 source code and was running the provided test suite. However, test #537 (part of Cache CRL SSL Client Tests) gets stuck (all previous tests pass according to results.html), and I have to kill the test

Re: After Importing a p12 file, certificate does not show in the certificate list

2009-05-07 Thread Nelson B Bolyard
Ricardo, Please provide a URL for the bugzilla bug that you filed. It was evidently filed in a different bugzilla than mozilla.org's. I've just created an application that generates .p12 certificates. I can import them correctly onto the windows keystore with no problem and all the extensions

Re: Hacking Firefox

2009-05-04 Thread Nelson B Bolyard
Ian G wrote, On 2009-05-04 13:26: On 4/5/09 22:04, Nelson Bolyard wrote: A very similar hack has already been done. It's a Firefox extension that (IIRC) silently installs some roots and shows the green bar for (some of) the certs that chain up to those roots. See it at

Re: Importing certificates using certutil

2009-05-01 Thread Nelson B Bolyard
hawkinsconsult...@googlemail.com wrote, On 2009-05-01 00:25: I am having a problem importing a certificate. I am using the following commands /blah/certutil -D -n s1as -d . /blah/certutil -A -n s1as -t u,u,u -d . -i /tmp/blah.cer The problem is that it will not import the certificate with

Re: i'm searching Devstudio Power Plotter

2009-04-30 Thread Nelson B Bolyard
trapp...@libero.it wrote, On 2009-04-30 01:17: Hi all, i'm using Devstudio Power Plotter and this software requires an hardware key. [...] or does anyone have also a previously version but already cracked? Thank you very much for your attention! Nico Nico, Sorry, you won't find any cracks

SHA-1 collisions now 2^52

2009-04-30 Thread Nelson B Bolyard
SHA-1 has taken a significant hit. See http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf

Re: PKCS#7 Enveloped-data (RFC 2630/3369/3852)

2009-04-29 Thread Nelson B Bolyard
Mathieu Malaterre wrote, On 2009-04-29 13:37: Hi there, Hi Mathieu, Welcome to dev-tech-crypto. You can expect replies here in 24-48 hours after you post. I need to encrypt some content in an Enveloped-data content type of the cryptographic message syntax defined in RFC 2630/3369/3852.

Re: How to export private key using pk12util

2009-04-26 Thread Nelson B Bolyard
I wrote: The message to users was (and still is), if you want to export your private key, PKCS#11 is the answer. er. make that #12. Unlike PKCS#8, which for a long time (and maybe still today) implied unencrypted storage of private keys, PKCS#12 has been associated with encrypted storage of

Re: non-approved PRNG in FIPS mode

2009-04-24 Thread Nelson B Bolyard
ksreedha...@gmail.com wrote, On 2009-04-24 14:04: Hello, I am using NSS 3.11.4 and NSPR 4.6.4 Will the non-approved PRNG of NSS be functional/usable when NSS is in FIPS mode. What non-approved PRNG of NSS ?

Re: How to export private key using pk12util

2009-04-24 Thread Nelson B Bolyard
Andriy Zakharchuk wrote, On 2009-04-24 02:39: 0 AAA-update-key 1 BBB-update-key 2 CCC-update-key Is that literally what you see? Or do you see output with some long strings of hexadecimal characters, e.g. 0 0549d7e3a1b3c5d7f89 [...] Yes, I see symbolic names, no any hexadecimal digits

Re: How to export private key using pk12util

2009-04-23 Thread Nelson B Bolyard
Andriy Zakharchuk wrote, On 2009-04-23 12:07: Hello all, I have a keys database file (key3.db) and need to export a private key from it, but can not do this. What version of the NSS utilities are you using? version 3.??.?? certutil.exe -L -d . gives empty output (empty line) and

Re: UTF-8 Hashing

2009-04-22 Thread Nelson B Bolyard
starryrendezv...@gmail.com wrote, On 2009-04-22 07:40: If it helps, here is the code I currently utilize; [snip] I suspect (that is, guess) that your problem is at one of these two places: 1. Perhaps the following code does not pass the UTF8 string you expect it to pass to the hash algorithm.

Re: UTF-8 Hashing

2009-04-22 Thread Nelson B Bolyard
Jean-Marc Desperrier wrote, On 2009-04-22 12:17 PDT: starryrendezv...@gmail.com wrote: hash: function(str,method) { [...] str.charCodeAt(i) python quite probably outputs the value of str.charCodeAt(i) as some variant of a UTF-16 value. Or UCS-2 with no handling of surrogates. Under

Re: The keygen element

2009-04-18 Thread Nelson B Bolyard
Martin Paljak wrote, On 2009-04-18 00:51 PDT: FYI, Apple has made it virtually impossible to use smart cards with Safari because of *requiring* such configuration on the client side (host:port configuration for every certificate for every site where you want to use it). With Firefox

Re: The keygen element

2009-04-18 Thread Nelson B Bolyard
Martin Thanks for your very informative and useful email. There was a lot of good information in there. It's good to see how PKI and smart cards are being taken up in the world, even if at the present it is limited to a few nations. /Nelson

Re: The keygen element

2009-04-12 Thread Nelson B Bolyard
on smartcards, so a source selector might be an idea, perhaps also with the capability to specify specific cards. Yes, and I think FF UI has that. It's a feature of the browser's UI, I think, not of the keygen tag itself. On Thu, 8 Jan 2009, Nelson B Bolyard wrote: This is documented at https

Re: Generating Entropy.

2009-04-08 Thread Nelson B Bolyard
0x00 wrote, On 2009-04-08 07:45: I have this so far, which seem to produce a good set of random bytes: buffer = ''; var PRNG = Components.classes['@mozilla.org/security/random-generator;1']; var rg = PRNG.getService(Components.interfaces.nsIRandomGenerator); randomBytes =

Re: CRL update mechanism for mod_nss

2009-04-03 Thread Nelson B Bolyard
dave davesons wrote, On 2009-04-03 06:22 PDT: If you import an updated version of a CRL in mod_nss and you make use of the same nickname: * Is it necessary to restart the web server for mod_nss to take it into account? * Does mod_nss still remember the old CRL? Dave, while mod_nss uses NSS,

Re: RSA AES Cipher problem with JSS/NSS

2009-04-01 Thread Nelson B Bolyard
ksreedha...@gmail.com wrote, On 2009-04-01 17:54: Hello, I am [using] Mozilla-JSS as the provider in my Java application which is a SSL client connecting to OpenSSL based SSL Server. You haven't reported version information, such as: - version of JDK/JRE - version of JSS - version of NSS
