Hi, I am using NSS as a FIPS keystore as documented under http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#NSS. I use the following code to generate an AES key and store it in the keystore for later lookup for encryption/decryption.

    // Keystore initialization
    KeyStore ks = KeyStore.getInstance("PKCS11");
    ks.load(null, pw.toCharArray());

    // Generate AES 128-bit key
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    SecretKey skey = kg.generateKey();

    // Save generated key
    ks.setEntry(SECREY_KEY, new KeyStore.SecretKeyEntry(skey),
            new KeyStore.PasswordProtection(pw.toCharArray()));

My application was working fine under RHEL 6.3 (nss 3.13). But when I upgraded to RHEL 6.4 (nss 3.14), I can see that the generated secret key is not getting stored in the nss database. I used the nss-devel tool symkeyutil to verify against nss-3.13 and nss-3.14 (usage: ./symkeyutil -L -d /etc/opt/company/product/nss/). I can see that with the old version, immediately after the ks.setEntry() method, I can see the entry in nss. With nss-3.14, I never see the key persisted.

Any idea on why this could happen in nss 3.14?

Thanks,
Atul Soman.

========= Properties I use to initialize SunPkcs11 ====

    props.put("name", "NSSfips");
    props.put("nssLibraryDirectory", libDir);
    props.put("nssSecmodDirectory", dbDir);
    props.put("nssModule", "keystore");
    props.put("nssDbMode", "readWrite");

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
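
An in-process counterpart to the symkeyutil -L check described in the message, as an added example that is not part of the original post: it stores an AES key the same way, then re-reads the token through a second KeyStore object and reports whether the alias is visible. Assumptions: Java 7 or 8 (the sun.security.pkcs11.SunPKCS11 stream constructor), and the class name, alias and command-line arguments are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class NssPersistCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: NssPersistCheck <nssLibDir> <nssDbDir> <password>");
            System.exit(2);
        }
        char[] pin = args[2].toCharArray();
        String alias = "persist-check-aes"; // hypothetical alias for this check

        // Same attributes as the properties in the post, in config-file syntax.
        String cfg = "name = NSSfips\n"
                   + "nssLibraryDirectory = " + args[0] + "\n"
                   + "nssSecmodDirectory = " + args[1] + "\n"
                   + "nssModule = keystore\n"
                   + "nssDbMode = readWrite\n";
        // Assumption: Java 7/8, where this constructor is available.
        Provider p = new sun.security.pkcs11.SunPKCS11(
                new ByteArrayInputStream(cfg.getBytes("UTF-8")));
        Security.addProvider(p);

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);

        // Generate and store the key exactly as the post does.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey skey = kg.generateKey();
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(skey),
                new KeyStore.PasswordProtection(pin));

        // Re-read the token through a second KeyStore object so the result
        // does not come from the first object's state.
        KeyStore reread = KeyStore.getInstance("PKCS11", p);
        reread.load(null, pin);
        boolean present = reread.containsAlias(alias) && reread.isKeyEntry(alias);
        System.out.println("alias visible after reload: " + present);

        // The entry is left in place so symkeyutil -L can be run afterwards.
        System.exit(present ? 0 : 1);
    }
}
```

Running it against the same database directory under each NSS version, followed by the symkeyutil -L command from the message, shows whether the Java view and the on-disk view of the token agree.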