Assertion failure: name != ECCurve25519, at ecl/ecl.c:273 trying to create CSR for Curve25519
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: saper, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/20100101 Firefox/74.0
Steps to reproduce:
I am using nss 3.53 built with debug on FreeBSD (from FreeBSD ports):
set -e
mkdir nss
openssl rand -base64 -out nss/pw 21
certutil -d nss -f nss/pw -N
certutil -d nss -f nss/pw -G -k ec -q curve25519
certutil -d nss -f nss/pw -R -k ec -q curve25519 -s 'cn=eddsa maybe'
Actual results:
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.
To begin, type keys on the keyboard until this progress meter
is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:
Generating key. This may take a few moments...
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.
To begin, type keys on the keyboard until this progress meter
is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:
Generating key. This may take a few moments...
Assertion failure: name != ECCurve25519, at ecl/ecl.c:273
Abort trap (core dumped)
Expected results:
I'd like to have not only the Curve25519 key generated, but also I'd like to have a key usable with Ed25519 that can be used to sign a certificate request.
If this is right https://crypto.stackexchange.com/a/76158 we could have two public keys for one curve (ECDH and the EdDSA key) and use the same private key for both?
Is EdDSA supported at all? (https://bugzilla.mozilla.org/show_bug.cgi?id=957105 seemed to be only about key exchange to me). If no, https://bugzilla.mozilla.org/show_bug.cgi?id=1597057 might also be blocked by this.
Comment 1•6 years ago
|
||
The severity field is not set for this bug.
:jcj, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 2•6 years ago
|
||
NSS does not currently support EdDSA. There is a tracking bug (bug 1325335) for its addition, which you might want to track.
Updated•6 years ago
|
Updated•6 years ago
|
Description
•