Re: pk12util fails to import EC keys
On 29 June 2016 at 12:02, Hubert Kario wrote:

> On Tuesday 28 June 2016 02:59:18 chrisr wrote:
> > Hi,
> >
> > I'm trying to import an EC key and cert generated with openssl into an NSS
> > DB but am getting this error from pk12util:
> > pk12util: PKCS12 decode import bags failed:
> > SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting
> > to import private key.
> >
> > I've tested this on Gentoo x86 with nss versions 3.23(portage),
> > 3.24(portage) and 3.25 (from source) with the same result. Changing the key
> > type to RSA works so I wonder if this might be a bug in the EC key handling?
> >
> > Steps to reproduce:
> > # Create an empty NSS db
> > mkdir nss
> > openssl rand -base64 -out nss/pw 21
> > certutil -d nss -f nss/pw -N
> > # Generate an EC key/cert
> > openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp521r1 -keyout key.pem -out cert.pem -days 3650 -nodes -subj "/CN=Test CA"
> > # Export to pkcs12 format
> > openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name Test
> > # Import to nss db
> > pk12util -i cert.p12 -d nss -k nss/pw
> > # pk12util reports error
>
> Using nss 3.23.0 and openssl 1.0.1 on Fedora with slightly different commands,
> I can't reproduce it:
>
> mkdir nssdb
> certutil -N --empty-password -d sql:nssdb/
> openssl ecparam -out secp521r1.pem -name secp521r1
> openssl req -x509 -newkey ec:secp521r1.pem -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
> openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost.key -in localhost.crt
> pk12util -i localhost.p12 -d sql:nssdb/ -W ''
> certutil -L -d sql:nssdb/ -n localhost -a | openssl x509 -noout -text
>
> so it doesn't look to me like a problem with EC keys specifically
>
> which version of OpenSSL are you using?

I'm using openssl-1.0.2g. Your script also works on my environment so I'll switch to that method.

It looks like there is a significant difference in the keys produced by openssl in the two cases - your script produces a key that looks like this:

    $ openssl pkey -in localhost.key -text -noout
    Private-Key: (521 bit)
    priv:
    pub:
    ASN1 OID: secp521r1
    NIST CURVE: P-521

while mine produces this:

    $ openssl pkey -in key.pem -text -noout
    Private-Key: (521 bit)
    priv:
    pub:
    Field Type: prime-field
    Prime:
    A:
    B:
    Generator (uncompressed):
    Order:
    Cofactor: 1 (0x1)
    Seed:

so I assume (perhaps stating the obvious) that the problem is that in the latter case the key is a definition of the finite field in parametric form rather than using the standard curve name and that this is not supported by nss.

Many thanks!

*Chris Richardson*, System Architect
c...@fourc.eu
*FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norway
www.fourc.eu <http://www.fourc.eu/>*

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

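The two key forms compared in the message above differ in how the ECParameters field is encoded: a curve OID for a named curve, or a full SEQUENCE of field, coefficients, generator and order for explicit parameters. The following is an added example, not part of the thread and not NSS or OpenSSL code: a small DER walker that reports which encoding an unencrypted PKCS#8 or SEC1 EC private key uses, so the condition can be checked before running pk12util. The helper names and the sample keys (placeholder bytes, not real keys) are constructed for illustration.

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1
KINDS = {0x06: "named_curve", 0x30: "explicit", 0x05: "implicit"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def ec_param_encoding(der):
    """Classify ECParameters in a PKCS#8 or SEC1 EC private key."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    items = children(body)
    if len(items) >= 3 and items[1][0] == 0x30:  # PKCS#8 AlgorithmIdentifier
        alg = children(items[1][1])
        if not alg or alg[0] != (0x06, ID_EC_PUBLIC_KEY):
            raise ValueError("not an EC key")
        return KINDS.get(alg[1][0], "unknown") if len(alg) > 1 else "absent"
    for t, v in items[2:]:  # SEC1 ECPrivateKey: look for [0] parameters
        if t == 0xA0:
            return KINDS.get(children(v)[0][0], "unknown")
    return "absent"

def tlv(tag, value):
    """DER encoder for the constructed samples (lengths under 256 only)."""
    hdr = bytes([len(value)]) if len(value) < 0x80 else bytes([0x81, len(value)])
    return bytes([tag]) + hdr + value

# Constructed samples: placeholder bytes stand in for key and curve data.
SECP521R1 = tlv(0x06, bytes.fromhex("2b81040023"))  # OID 1.3.132.0.35
EXPLICIT = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, bytes(200)))

def pkcs8(params):
    alg = tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + params)
    return tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, bytes(8)))
```

To check a real key, pass the bytes written by `openssl pkey -in key.pem -outform DER` to `ec_param_encoding`; a result of `explicit` corresponds to the second `openssl pkey -text` output shown in the message.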
Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers
I believe this plan would have poor side effects. For example, if Apple ships clients with a broken ECDSA implementation [0], a server cannot detect if a connecting client is an Apple product and avoid the use of ECDSA in that subset of connections. Instead, ECDSA suddenly becomes unsafe for anyone to use anywhere.

[0]: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d

On Thu, Aug 8, 2013 at 10:30 PM, Brian Smith wrote:

> Please see https://briansmith.org/browser-ciphersuites-01.html
>
> First, this is a proposal to change the set of sequence of ciphersuites
> that Firefox offers. Secondly, this is an invitation for other browser
> makers to adopt the same sequence of ciphersuites to maximize
> interoperability, to minimize fingerprinting, and ultimately to make
> server-side software developers and system administrators' jobs easier.
>
> Suggestions for improvements are encouraged.
>
> Cheers,
> Brian
> --
> Mozilla Networking/Crypto/Security (Necko/NSS/PSM)