certutil: unable to generate key(s) for a passwordless database

RESOLVED INVALID

Status

NSS
Tools
--
enhancement
RESOLVED INVALID
14 years ago
10 years ago

People

(Reporter: timeless, Assigned: Julien Pierre)

(Reporter)

Description

14 years ago
./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x -d . -1 -2 -5

I generate the seed as requested, and then I get the following message:

certutil: unable to generate key(s)
: An I/O error occurred during security authorization.

---
I've tried playing with this code and I can't figure out how to get pk11_handleObject

    /* don't create a private object if we aren't logged in */
    if ((!slot->isLoggedIn) && (slot->needLogin) &&
        (pk11_isTrue(object,CKA_PRIVATE))) {
        return CKR_USER_NOT_LOGGED_IN;
    }

to play nice. I tried using isfriendly but that didn't work.

I can't see any reason to require a password on the database, just to add a cert.
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → tools
(Assignee)

Comment 1

11 years ago
I created a passwordless database too with:

certutil -d . -N

I could not reproduce the problem.

[jp96085@monstre]/net/monstre/export/home/julien/nss/tip/mozilla/dist/SunOS5.10_i86pc_DBG.OBJ/bin 290 % ./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x -d . -1 -2 -5

A random seed must be generated that will be used in the
creation of your key.  One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.

To begin, type keys on the keyboard until this progress meter
is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!


Continue typing until the progress meter is full:

|************************************************************|

Finished.  Press enter to continue:

Generating key.  This may take a few moments...

                          0 - Digital Signature
                          1 - Non-repudiation
                          2 - Key encipherment
                          3 - Data encipherment
                          4 - Key agreement
                          5 - Cert signing key
                          6 - CRL signing key
                          Other to finish
0
                          0 - Digital Signature
                          1 - Non-repudiation
                          2 - Key encipherment
                          3 - Data encipherment
                          4 - Key agreement
                          5 - Cert signing key
                          6 - CRL signing key
                          Other to finish
7
Is this a critical extension [y/N]?
n
Is this a CA certificate [y/N]?
y
Enter the path length constraint, enter to skip [<0 for unlimited path]:
1
Is this a critical extension [y/N]?
n
                          0 - SSL Client
                          1 - SSL Server
                          2 - S/MIME
                          3 - Object Signing
                          4 - Reserved for future use
                          5 - SSL CA
                          6 - S/MIME CA
                          7 - Object Signing CA
                          Other to finish
5
                          0 - SSL Client
                          1 - SSL Server
                          2 - S/MIME
                          3 - Object Signing
                          4 - Reserved for future use
                          5 - SSL CA
                          6 - S/MIME CA
                          7 - Object Signing CA
                          Other to finish
8
Is this a critical extension [y/N]?
n

I did recreate the problem with no db at all, but that's not the same as a passwordless database - that's user error. Marking INVALID.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID
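
The distinction Comment 1 draws (a passwordless database works; a directory with no database at all reproduces the error), as an added pre-flight check that is not part of the bug report or of NSS. It assumes the standard NSS database file names (cert9.db/key4.db for the SQLite format, cert8.db/key3.db for the legacy DBM format); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a directory before running certutil -S against it.

# Print which NSS database flavour lives in directory $1:
#   sql  - cert9.db and key4.db present (SQLite format)
#   dbm  - cert8.db and key3.db present (legacy DBM format)
#   none - neither pair is complete, so certutil has no key store to write to
nss_db_kind() {
    dir=$1
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        echo sql
    elif [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then
        echo dbm
    else
        echo none
    fi
}

# Run the command from the bug report only when a database exists in $1.
# Returns 2 without calling certutil when there is none, so the caller sees
# "no database" instead of the I/O error quoted in the Description.
make_selfsigned() {
    dir=$1
    kind=$(nss_db_kind "$dir")
    if [ "$kind" = none ]; then
        echo "no NSS database in $dir; create one first: certutil -N -d $dir" >&2
        return 2
    fi
    # Same subject, nickname, trust flags and extension switches as the report;
    # the sql:/dbm: prefix pins certutil to the format that was detected.
    certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" \
        -t ",,C" -x -d "$kind:$dir" -1 -2 -5
}
```

A password set on the database is a separate question from whether the database exists; this check only covers the latter.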
(Assignee)

Updated

11 years ago
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
(Assignee)

Updated

11 years ago
Assignee: nobody → julien.pierre.boogz
(Assignee)

Updated

11 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID