Re: fipstest.c in nss 3.14.3 does not support prediction resistance = true case

On 04/17/2013 06:38 PM, bratchan...@gmail.com wrote: Hi, The fipstest.c does not seem to support the scenario with prediction resistance = true . The case statement for function drbg has to change if prediction resistance is true and also the NIST request file has an additional parameter Entr

Re: fipstest.c in nss 3.14.3 needs updating for DRBG tests

On 04/17/2013 06:28 PM, Bharath wrote: Hi , We were planning on using the nss drbg model for validating the HASH_DRBG implementation inside (nss-3.14.3/mozilla/security/nss/cmd/fipstest) . The fipstest.c needs updating for FIPS SP800-90A testing to validate drbg . Please refer to the followi

Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

Rob Stradling wrote: > > I presume that Firefox OS trusts NSS's "Built-in" Root Certificates > > [1], but what (if anything) does Firefox OS do for EV SSL? As you found, Firefox OS doesn't have an EV UI, and in fact I just disabled the EV validation logic in B2G for performance reasons, given tha

Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

On 18/04/13 13:54, Rob Stradling wrote: On 20/10/12 18:33, Brian Smith wrote: B2G (Firefox OS) does use NSS. Brian, I presume that Firefox OS trusts NSS's "Built-in" Root Certificates [1], but what (if anything) does Firefox OS do for EV SSL? Does Firefox OS import PSM's list of EV-enabled

Re: Issues with strategy used by org.mozilla.jss.CryptoManager#findPrivKeyByCert to find matching Private Key

Then, this documentation is wrong, isn't it? https://developer.mozilla.org/en-US/docs/JSS Java provides a JCE provider called SunPKCS11, see Java PKCS#11 Reference > Guide, > SunPKCS11 can be configured to use NSS module

Re: Issues with strategy used by org.mozilla.jss.CryptoManager#findPrivKeyByCert to find matching Private Key

On Tue, Apr 16, 2013 at 7:27 PM, Jaime Hablutzel Egoavil < hablutz...@gmail.com> wrote: > Are you talking about PKCS11 bridge for a standard PKCS#11 module?. I was > thinking in accesing smartcards configured in NSS database, so I don't have > to deal with the location of the dll module. I'm sorry

Re: certutil - Generate a new key.

On Tue, Apr 16, 2013 at 8:01 PM, Robert Relyea wrote: > On 04/15/2013 02:34 PM, Matt Yakel wrote: > >> Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local >> Security Certs to our work network (windows). >> > > No, it can be built for pretty much any NSS supported platform.