Closed Bug 548006 Opened 14 years ago Closed 2 years ago

Unable to import DSA key with CryptoStore.importPrivateKey()

Categories

(JSS Graveyard :: Library, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: bob.e.foss, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8
Build Identifier: 4.3 RTM (with NSPR 4.8 and NSS 3.12.4)

I believe the issue is that "publicValue" is not set
in org/mozilla/jss/pkcs11/PK11Store.c:
    status = PK11_ImportDERPrivateKeyInfo(slot, &derPK, &nickname,
                NULL /*public value*/, PR_TRUE /*isPerm*/,
                PR_TRUE /*isPrivate*/, 0 /*keyUsage*/, NULL /*wincx*/);

but NSS requires it for DSA keys in security/nss/lib/pk11wrap/pk11pk12.c:
    case dsaKey:
            keyType = CKK_DSA;
            /* To make our intenal PKCS #11 module work correctly with 
             * our database, we need to pass in the public key value for 
             * this dsa key. We have a netscape only CKA_ value to do this.
             * Only send it to internal slots */
            if( publicValue == NULL ) {
                goto loser;
            }

So if it is a requirement to have the public key value to import,
I'm guessing there would need to be another method to call in
CryptoStore to pass the publicKey in with the private key.

Below is sample code demonstrating it breaking.
RSA keys work fine (RSA from SunJSSE).


import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoStore;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.util.ConsolePasswordCallback;


public class ImportDsa {

  public static void main(String[] args)
    throws Exception {

    CryptoManager.InitializationValues initializationValues = new CryptoManager.InitializationValues(".");
    initializationValues.fipsMode = CryptoManager.InitializationValues.FIPSMode.DISABLED;
    CryptoManager.initialize(initializationValues);

    CryptoManager cryptoManager = CryptoManager.getInstance();
    CryptoToken cryptoToken = cryptoManager.getInternalKeyStorageToken();
    cryptoToken.login(new ConsolePasswordCallback());

    CryptoStore cryptoStore = cryptoToken.getCryptoStore();

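    // Generate a DSA key pair with the SUN provider; getEncoded() on the
    // private key returns its PKCS #8 encoding.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA", "SUN");
    KeyPair keyPair = keyPairGenerator.genKeyPair();

    System.out.println("key pair: " + keyPair);

    // This is the call that fails for DSA keys.
    cryptoStore.importPrivateKey(keyPair.getPrivate().getEncoded(),
                                 org.mozilla.jss.crypto.PrivateKey.DSA);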

    System.out.println("done");
  }
}



Reproducible: Always
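
The public value that the NSS check quoted above requires can be recomputed from the PKCS #8 private key alone, since y = g^x mod p and the blob carries p, q, g and x. The following is an added example using only the JDK (it is not code from the reporter, JSS or NSS; the class and method names are hypothetical):

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

public class DerivePublicDsa {

  // Rebuild the DSA public key from a PKCS #8 PrivateKeyInfo blob alone.
  static DSAPublicKey publicFromPkcs8(byte[] pkcs8) throws Exception {
    KeyFactory kf = KeyFactory.getInstance("DSA");
    DSAPrivateKey priv =
        (DSAPrivateKey) kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    DSAParams params = priv.getParams(); // p, q, g from the AlgorithmIdentifier

    // DSA public value: y = g^x mod p.
    // BigInteger.modPow is not guaranteed to be constant-time; acceptable
    // for an illustration, not for code that handles keys under attack.
    BigInteger y = params.getG().modPow(priv.getX(), params.getP());

    return (DSAPublicKey) kf.generatePublic(
        new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG()));
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: a freshly generated 2048-bit key pair.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
    kpg.initialize(2048);
    KeyPair pair = kpg.generateKeyPair();
    byte[] pkcs8 = pair.getPrivate().getEncoded();

    DSAPublicKey derived = publicFromPkcs8(pkcs8);
    DSAPublicKey original = (DSAPublicKey) pair.getPublic();

    boolean sameY = derived.getY().equals(original.getY());
    boolean sameEncoding =
        Arrays.equals(derived.getEncoded(), original.getEncoded());
    System.out.println("y matches: " + sameY);
    System.out.println("SubjectPublicKeyInfo matches: " + sameEncoding);
    if (!sameY) throw new IllegalStateException("derived public value differs");
  }
}
```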
Version: unspecified → 4.3
Assignee: gbmozilla → nobody
JSS development has moved from the Mozilla community to the Dogtag PKI community. Please re-file this bug at https://github.com/dogtagpki/jss if it is still relevant. Thank you!
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX