Closed
Bug 242633
Opened 20 years ago
Closed 17 years ago
certutil: unable to generate key(s) for a passwordless database
Categories
(NSS :: Tools, enhancement)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: timeless, Assigned: julien.pierre)
References
()
Details
./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x
-d . -1 -2 -5
I generate the seed as requested, and then I get the following message:
certutil: unable to generate key(s)
: An I/O error occurred during security authorization.
---
I've tried playing with this code and I can't figure out how to get
pk11_handleObject
/* don't create a private object if we aren't logged in */
if ((!slot->isLoggedIn) && (slot->needLogin) &&
(pk11_isTrue(object,CKA_PRIVATE))) {
return CKR_USER_NOT_LOGGED_IN;
}
to play nice. I tried using isfriendly but that didn't work.
I can't see any reason to require a password on the database, just to add a cert.
|
||
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
|
||
Updated•18 years ago
|
Assignee: wtchang → nobody
QA Contact: jason.m.reid → tools
|
Assignee | |
Comment 1•17 years ago
|
||
I created a passwordless database too with :
certutil -d . -N
I could not reproduce the problem .
[jp96085@monstre]/net/monstre/export/home/julien/nss/tip/mozilla/dist/SunOS5.10_i86pc_DBG.OBJ/bin 290 % ./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x -d . -1 -2 -5
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.
To begin, type keys on the keyboard until this progress meter
is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:
Generating key. This may take a few moments...
0 - Digital Signature
1 - Non-repudiation
2 - Key encipherment
3 - Data encipherment
4 - Key agreement
5 - Cert signing key
6 - CRL signing key
Other to finish
0
0 - Digital Signature
1 - Non-repudiation
2 - Key encipherment
3 - Data encipherment
4 - Key agreement
5 - Cert signing key
6 - CRL signing key
Other to finish
7
Is this a critical extension [y/N]?
n
Is this a CA certificate [y/N]?
y
Enter the path length constraint, enter to skip [<0 for unlimited path]:
1
Is this a critical extension [y/N]?
n
0 - SSL Client
1 - SSL Server
2 - S/MIME
3 - Object Signing
4 - Reserved for future use
5 - SSL CA
6 - S/MIME CA
7 - Object Signing CA
Other to finish
5
0 - SSL Client
1 - SSL Server
2 - S/MIME
3 - Object Signing
4 - Reserved for future use
5 - SSL CA
6 - S/MIME CA
7 - Object Signing CA
Other to finish
8
Is this a critical extension [y/N]?
n
I did recreate the problem with no db at all, but that's not the same as a passwordless database - that's user error. Marking INVALID.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
|
|
Assignee | |
Updated•17 years ago
|
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
|
|
Assignee | |
Updated•17 years ago
|
Assignee: nobody → julien.pierre.boogz
|
|
Assignee | |
Updated•17 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•