Re: FIPS mode key import?

2020-06-19 Thread Alan Braggins
I don't know how it maps to NSS, but at the PKCS#11 layer you can generate a 
key pair, export the public key (even in FIPS mode, because it's public), use 
the public key to encrypt your secret key, then unwrap that with the private 
key. Then you can use that secret key to unwrap private keys.
(At least one HSM has a PKCS#11 library that effectively does that for you, so 
it just allows plaintext import and export of non-CKA_SENSITIVE keys even if 
strict FIPS mode restricts the HSM boundary.)

From: dev-tech-crypto on behalf of Chris Newman
Sent: 01 June 2020 17:38
To: mozilla's crypto code discussion list 
Subject: FIPS mode key import?


I have NSS-based DKIM signing working in our mail server software, but
run into a problem when trying to do it in FIPS mode.

I've been importing the DKIM private key using either
PK11_ImportPrivateKeyInfoAndReturnKey or
PK11_ImportDERPrivateKeyInfoAndReturnKey, but these APIs don't work in
FIPS mode (they map to C_CreateObject which disallows raw key import).
If FIPS mode only supports import of an encrypted private key, how would
I import the symmetric key that was used to encrypt the private key?
Seems like a catch22 for a distributed system where keys have to move
around.

I like to avoid the OpenSSL-crypto-monoculture, but right now it looks
like using OpenSSL-FIPS is the fastest path forward. Any suggestions for
a way I could keep using NSS for this?

- Chris
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
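
The wrap-then-unwrap flow described in the reply above, as an added example that is not from the thread's participants or from NSS. It assumes the openssl CLI standing in for both the sending host and the token; the function names, file names, and the choice of RSA-OAEP with SHA-256 and AES-256-CBC are this example's assumptions.

```shell
#!/bin/sh
# Added illustration: the openssl CLI plays both ends. On a real FIPS token the
# receiver steps are C_GenerateKeyPair / C_UnwrapKey inside the module, and the
# transport private key and the unwrapped keys never leave it.
set -eu
OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256"

# Receiver: create a transport key pair and publish only the public half.
receiver_init() (   # $1 = work dir
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/transport.key" 2>/dev/null
  openssl pkey -in "$1/transport.key" -pubout -out "$1/transport.pub"
)

# Sender: wrap a fresh AES-256 key under the receiver's public key, then
# encrypt the private key under that AES key (CBC with PKCS#7 padding).
sender_wrap() (     # $1 = work dir, $2 = PKCS#8 DER private key to ship
  openssl rand -out "$1/kek.bin" 32
  kek=$(od -An -v -tx1 "$1/kek.bin" | tr -d ' \n')
  openssl rand -hex 16 > "$1/iv.hex"
  openssl pkeyutl -encrypt -pubin -inkey "$1/transport.pub" $OAEP \
    -in "$1/kek.bin" -out "$1/kek.wrapped"
  openssl enc -aes-256-cbc -K "$kek" -iv "$(cat "$1/iv.hex")" \
    -in "$2" -out "$1/key.p8.enc"
  rm -f "$1/kek.bin"   # only the wrapped copy of the AES key is shipped
)

# Receiver: recover the AES key with the transport private key, then the payload.
receiver_unwrap() ( # $1 = work dir, $2 = output path
  kek=$(openssl pkeyutl -decrypt -inkey "$1/transport.key" $OAEP \
          -in "$1/kek.wrapped" | od -An -v -tx1 | tr -d ' \n')
  openssl enc -d -aes-256-cbc -K "$kek" -iv "$(cat "$1/iv.hex")" \
    -in "$1/key.p8.enc" -out "$2"
)

roundtrip_demo() (
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
  # Constructed sample payload: a throwaway RSA key standing in for the DKIM key.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null |
    openssl pkcs8 -topk8 -nocrypt -outform DER -out "$d/dkim.p8"
  receiver_init "$d"; sender_wrap "$d" "$d/dkim.p8"
  receiver_unwrap "$d" "$d/out.p8"
  cmp -s "$d/dkim.p8" "$d/out.p8"
)

roundtrip_demo && echo "round trip OK: recovered key matches the original"
```

Only `transport.pub` travels from receiver to sender, and only `kek.wrapped`, `iv.hex` and `key.p8.enc` travel back. CBC gives no integrity protection, so authenticate the bundle separately if the transport is not trusted.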


Re: FIPS mode key import?

2020-06-01 Thread Paul Wouters

On Mon, 1 Jun 2020, Chris Newman wrote:

I've been importing the DKIM private key using either 
PK11_ImportPrivateKeyInfoAndReturnKey or 
PK11_ImportDERPrivateKeyInfoAndReturnKey, but these APIs don't work in FIPS 
mode (they map to C_CreateObject which disallows raw key import). If FIPS 
mode only supports import of an encrypted private key, how would I import the 
symmetric key that was used to encrypt the private key? Seems like a catch22 
for a distributed system where keys have to move around.


pk12util can import a key-wrapped private key and certificate bundle.
This symmetric key is password protected, but you can specify this
password via a (tmp)file or commandline argument.

We automated this in our (libreswan) testing using:

pk12util -W ourpassword -K '' -d sql:/etc/ipsec.d -i /testing/x509/selfsigned/east-selfsigned.p12

Paul


FIPS mode key import?

2020-06-01 Thread Chris Newman
I have NSS-based DKIM signing working in our mail server software, but 
run into a problem when trying to do it in FIPS mode.


I've been importing the DKIM private key using either 
PK11_ImportPrivateKeyInfoAndReturnKey or 
PK11_ImportDERPrivateKeyInfoAndReturnKey, but these APIs don't work in 
FIPS mode (they map to C_CreateObject which disallows raw key import). 
If FIPS mode only supports import of an encrypted private key, how would 
I import the symmetric key that was used to encrypt the private key? 
Seems like a catch22 for a distributed system where keys have to move 
around.


I like to avoid the OpenSSL-crypto-monoculture, but right now it looks 
like using OpenSSL-FIPS is the fastest path forward. Any suggestions for 
a way I could keep using NSS for this?


- Chris