Minor modification to the original mail. nssModule is fips instead of keystore.
#props.put("nssModule", "fips");
Thanks,
Atul.
>>> Atul Soman 9/19/2013 2:31 PM >>>
Hi,
I am using nss as a fips keystore as documented under
http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#NSS.
I use the following code to generate an AES key and store it in the keystore for
later lookup for encryption/decryption.
// Keystore initialization
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, pw.toCharArray());
// Generate AES 128 bit key
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey skey = kg.generateKey();
// Save generated key
ks.setEntry(SECREY_KEY, new KeyStore.SecretKeyEntry(skey),
            new KeyStore.PasswordProtection(pw.toCharArray()));
My application was working fine under RHEL 6.3 (nss 3.13). But when I upgraded
to RHEL 6.4 (nss 3.14), I can see that the generated secret key is not getting
stored in the nss database.
I used the nss-devel tool symkeyutil to verify against nss-3.13 and nss-3.14
(usage: ./symkeyutil -L -d /etc/opt/company/product/nss/). With the
old version, immediately after the ks.setEntry() method I can see the entry in nss.
With nss-3.14, I never see the key persisted.
Any idea why this could happen in nss 3.14?
Thanks,
Atul Soman.
========= Properties I use to initialize SunPkcs11 ====
props.put("name", "NSSfips");
props.put("nssLibraryDirectory", libDir);
props.put("nssSecmodDirectory", dbDir);
props.put("nssModule", "fips");
props.put("nssDbMode", "readWrite");
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto