Nelson B Bolyard wrote:
Subrata Mazumdar wrote, On 2009-05-13 06:45 PDT:
The key generation now works for RSA and DSA key types but it still fails for EC key type.
   else if (keyType == "dsa") {
       keyGenAlg = "dsa-sign-nonrepudiation";
       keyParams = null;
   }
According to the source code (http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsCrypto.cpp#610), if keyParams is given, it returns an error for DSA. It seems that a default keyparams is generated for all cases.

That's strange.  Your DSA test code should NOT have worked.  I wonder
how it could have worked, given that you supplied no "params".

Is key generation for EC type supported on Firefox 3.0.10?

I believe so.  I was able to generate an EC key pair with <KEYGEN>.
I don't know why it would fail with CRMF if it works with KEYGEN.

As I have said in the earlier message, I have no problem generating an EC key pair. I get an error when I try to sign the request using the private key. Since the KEYGEN tag also generates a signed CRMF request string, and it works for you, I will try harder to figure out what I am doing wrong.
The main reason I am testing this method is that I failed to generate keys for DSA and EC types using the keygen tag.

The fact that DSA <KEYGEN> is broken is a known bug.  Bug 488059.

I have tried all three links at the bottom of this page: https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag. I only see the key-generation dialog for RSA key type.

Well, the dialog only stays up as long as the operation takes, and the
operation is VERY fast for all but RSA.  But I just tried those links
with FF 3.0.10 and also with FF 3.5 Beta <nightly>, and I did see it
(briefly) for EC, as well as for RSA.

The key generation dialog comes up for EC key type but no CRMF request object is generated. Here is the HTTP message (that I have captured using the 'Live HTTP headers' add-on) that is sent to the server:
POST /cgi-bin/ce1.php HTTP/1.1
Host: bug474958.bugzilla.mozilla.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10 Ubiquity/0.1.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://bug474958.bugzilla.mozilla.org/attachment.cgi?id=372342
Cookie: __utma=150903082.2014591713.1195935669.1230593626.1235229387.47; dloadday=198.152.12.67.1216653316444461; __utmz=150903082.1235229387.47.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Type: application/x-www-form-urlencoded
Content-Length: 44

EC+public+key=High+Grade&createcert=Generate
              ^^^^^^^^^^
The actual Base-64 CRMF request string should be in place of 'High+Grade'. I get the same error for DSA key type. When I use the KEYGEN link for RSA key type, I see the complete Base64 CRMF request string.

By the way, those 3 links are actually links to attachments to bug 474958.
Perhaps the next logical step is to construct some similar test pages for
generateCRMFRequest.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
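
A server-side check for the symptom shown in the captured POST above, as an added example that is not part of the original thread: it parses a form-urlencoded body and reports, per field, whether the value is a base64-encoded DER structure or only text such as the option label. The function names are hypothetical, and treating "base64 of exactly one DER SEQUENCE" as the shape of a usable key request is an assumption of this sketch.

```python
import base64
import binascii
from urllib.parse import parse_qsl

# Request body copied from the capture in the message above.
CAPTURED_BODY = "EC+public+key=High+Grade&createcert=Generate"


def der_sequence_ok(blob: bytes) -> bool:
    """True if blob is exactly one DER SEQUENCE (tag 0x30) whose
    encoded length matches the number of bytes actually present."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    first = blob[1]
    if first < 0x80:                       # short-form length
        header, length = 2, first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header = 2 + n
        length = int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)


def classify_field(value: str) -> str:
    """Classify one decoded form value (hypothetical helper)."""
    # Tolerate line breaks inside a wrapped base64 value, nothing else.
    compact = value.replace("\r", "").replace("\n", "")
    try:
        blob = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    # Plain words can be valid base64 by accident, so check the DER shape too.
    return "der-sequence" if der_sequence_ok(blob) else "base64-not-der"


def check_form_body(body: str) -> dict:
    """Map each field name in a form-urlencoded body to its classification."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return {name: classify_field(value) for name, value in pairs}


if __name__ == "__main__":
    for name, verdict in check_form_body(CAPTURED_BODY).items():
        print(f"{name!r}: {verdict}")
```

On the captured body the key field is reported as not base64 at all, while `Generate` happens to decode as base64 and is rejected only by the DER check.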
