On Jul 22, 7:15 pm, "Wan-Teh Chang" <[EMAIL PROTECTED]> wrote:
> On Tue, Jul 22, 2008 at 1:22 PM, Dean <[EMAIL PROTECTED]> wrote:
>
> > I've been reading around about key generation and key material
> > manipulation and am hearing that key material manipulation is not
> > allowed in FIPS mode.  This seems to be confirmed by my code which
> > works in non-FIPS mode but throws "Token failed to process key: Failed
> > to unwrap key" exceptions with FIPS mode....
>
> > In FIPS mode is there any way to go from a byte[] encoding of a
> > SecretKey and reconstitute a SecretKey?  The code that works in non-
> > FIPS mode creates a new SecretKeySpec with the correct algorithm
> > (DESede) and calls Cipher.init() with the KeySpec.  This works in non-
> > FIPS mode but fails in FIPS mode with the error noted above.
>
> > I'm thinking that NSS must allow this in some manner in FIPS mode as
> > they would have to do this in their SSL implementation with the
> > incoming pre master secret from the server.
>
> NSS doesn't allow importing or exporting of *unencrypted* secret
> or private keys in FIPS mode.
>
> This is not an issue for SSL because the incoming premaster secret
> from the *client* is encrypted with the server's RSA public key.
>
> If you really have to import an unencrypted secret key in FIPS
> mode, you can use this workaround:
> - Generate a secret key inside the NSS softoken.  Call it SK.
> - Use SK to encrypt your secret key as data.
> - Then, unwrap the encrypted data with SK.  (Unwrap means
>   decrypting an encrypted key.)
>
> This workaround works by abusing the NSS API and treating
> your secret key as data.
>
> Wan-Teh

Thanks for the answers Wan-Teh and Nelson ... and I do agree with both
of you that the workaround would be an abuse of FIPS and I shouldn't
do it if I hope to claim FIPS compliance.

I'm clearly missing a piece of the puzzle.

Essentially I have an SSL implementation that I want to change to use
only FIPS-certified crypto .... effectively (hopefully) resulting in a
FIPS-compliant JSSE implementation.  I suspect I should be trying to
write JNI to wrap the NSS SSL libraries themselves and write a JSSE
implementation to that API ... but there are time/resource
constraints ... and I'm not even sure the NSS SSL APIs surface enough
detail to map to JSSE completely.

Back to the issue of key data.  In the client side of an SSL
connection you do not have to decrypt key material from the server.
For the client the pre_master_secret comes from key material passed in
plaintext from the server and material generated privately by the
client.  The client then applies key expansion functions to the
pre_master_secret to end up with bytes to construct the necessary
SecretKeys.  (The server does the same, independently, except it has
received the client's contribution to the pre_master_secret as RSA
encrypted data.)

So how can this be done in a FIPS-compliant way?  I guess the answer
is that NSS must have some FIPS-approved APIs that perform the key
expansion functions?  Does anybody have any pointers to relevant
functions?  If they exist can I even call these or would that still
break the spirit of FIPS by passing raw pre_master_secret bytes
generated outside of FIPS land into a FIPS function?

Or am I missing a fundamental design issue..... i.e. am I totally on the
wrong track here?

Once again, thanks for any help you can provide.
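The key expansion Dean describes (pre_master_secret to master_secret to key block, then slicing the block into SecretKeys) written out as an added example; this is not code from the thread or from NSS, and the premaster secret and hello randoms are constructed sample values. It implements the TLS 1.0 PRF of RFC 2246 (P_MD5 and P_SHA-1 over the two halves of the secret, XORed together) and partitions the key block for a 3DES-EDE-CBC / SHA-1 suite, the DESede case from the question. A FIPS-mode PKCS#11 token such as the NSS softoken performs exactly these steps internally (PKCS#11 defines the CKM_TLS_MASTER_KEY_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms for it) so that the master secret and write keys only ever exist as token key objects; running the derivation outside the token, as below, is what leaves raw key material in application memory and is the design point the thread is circling.

```python
import hashlib
import hmac

# Constructed sample inputs (not from the thread): a TLS 1.0 premaster secret
# starts with the client's protocol version (3, 1) followed by 46 random bytes.
PRE_MASTER_SECRET = bytes([3, 1]) + bytes(range(46))
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)


def p_hash(hash_fn, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 2246 section 5: HMAC chained through A(i) until enough output."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_fn).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def split_secret(secret: bytes):
    """S1 = first half, S2 = second half; an odd-length secret shares its middle byte."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed)."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash(hashlib.md5, s1, label + seed, length)
    sha1_part = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random), truncated to 48 bytes."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """key_block = PRF(master_secret, "key expansion", ServerHello.random + ClientHello.random).
    The randoms are concatenated in the opposite order from the master secret step."""
    return tls10_prf(master, b"key expansion", server_random + client_random, length)


def derive_3des_sha_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Partition the key block for a 3DES-EDE-CBC / SHA-1 cipher suite:
    20-byte MAC secrets, 24-byte write keys and 8-byte IVs, client side first."""
    ms = master_secret(pre_master, client_random, server_random)
    kb = key_block(ms, client_random, server_random, 2 * (20 + 24 + 8))
    layout = [("client_write_mac_secret", 20), ("server_write_mac_secret", 20),
              ("client_write_key", 24), ("server_write_key", 24),
              ("client_write_iv", 8), ("server_write_iv", 8)]
    keys, offset = {"master_secret": ms}, 0
    for name, size in layout:
        keys[name] = kb[offset:offset + size]
        offset += size
    return keys


if __name__ == "__main__":
    for name, value in derive_3des_sha_keys(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:24s} {value.hex()}")
```

The 24-byte client_write_key and server_write_key are the bytes that, in the non-FIPS Java code from the question, would be wrapped in a SecretKeySpec("DESede"); a FIPS-mode token instead returns handles to these as derived key objects and never hands the bytes back.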
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
