Open
Bug 372439
Opened 18 years ago
Updated 2 years ago
PKCS#12 export with empty password produces incorrect encoding of MacData in PFX object
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: mozilla, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1)
Generated PFX DER data with MacData uses the empty password incorrectly, violating the following quote from Chapter B, section B.2, item 3 of the PKCS#12 standard [1]:
"Note that if the password is the empty string, then so is P."
[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf
Reproducible: Always
Steps to Reproduce:
1. Click Firefox Preferences | Advanced | Encryption | Certificate Manager | Your Certificates --> Backup.
2. Enter a file name
3. In the password field enter a character and then delete it. OK button becomes enabled.
4. Click OK.
Actual Results:
I verified that the generated PFX object uses a 2-byte BMPString "00 00" in hex notation when preparing a string to be hashed. The correct implementation is to use a zero-length BMPString for an empty password.
Expected Results:
PKCS#12 compatibility with [1].
Workarounds:
1) Use a non-empty password.
2) Fix the Firefox UI to truly disable empty passwords.
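To make the interoperability impact of the report concrete, the following added example (not part of the bug report and not NSS code) implements the PKCS#12 Appendix B.2 key derivation with SHA-1 and computes the MacData HMAC for an empty password under both encodings of P. The salt, iteration count and content bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

U, V = 20, 64  # SHA-1 digest and block sizes in bytes

def _fill(data: bytes) -> bytes:
    """Repeat data up to a multiple of V bytes; an empty input stays empty."""
    if not data:
        return b""
    size = V * ((len(data) + V - 1) // V)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(p: bytes, salt: bytes, iterations: int, id_byte: int, n: int) -> bytes:
    """Key derivation from PKCS#12 Appendix B.2, with SHA-1 as the hash."""
    d = bytes([id_byte]) * V
    i_buf = bytearray(_fill(salt) + _fill(p))
    out = b""
    while len(out) < n:
        a = hashlib.sha1(d + i_buf).digest()
        for _ in range(iterations - 1):
            a = hashlib.sha1(a).digest()
        out += a
        b = int.from_bytes(_fill(a), "big") + 1
        for j in range(0, len(i_buf), V):
            block = (int.from_bytes(i_buf[j:j + V], "big") + b) % (1 << (8 * V))
            i_buf[j:j + V] = block.to_bytes(V, "big")
    return out[:n]

def password_to_p(password: str, empty_is_zero_length: bool) -> bytes:
    """BMPString (UTF-16BE) plus NULL terminator; the flag picks the empty-password rule."""
    if password == "" and empty_is_zero_length:
        return b""  # B.2 item 3: empty password means empty P
    return password.encode("utf-16-be") + b"\x00\x00"  # "" becomes 00 00

def pfx_mac(password: str, content: bytes, salt: bytes, iterations: int,
            empty_is_zero_length: bool) -> bytes:
    """HMAC-SHA1 over the content, keyed via the KDF with ID byte 3 (MAC key)."""
    key = pkcs12_kdf(password_to_p(password, empty_is_zero_length), salt, iterations, 3, U)
    return hmac.new(key, content, hashlib.sha1).digest()

SALT = bytes(range(8))                    # constructed sample salt
CONTENT = b"constructed authSafe bytes"   # constructed stand-in for the MACed data

if __name__ == "__main__":
    print("P empty  :", pfx_mac("", CONTENT, SALT, 2048, True).hex())
    print("P = 00 00:", pfx_mac("", CONTENT, SALT, 2048, False).hex())
```

The two MAC values differ, so a verifier that follows one rule rejects the integrity check on a file written with the other; for any non-empty password both rules produce the same P and the same MAC.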
Updated • 18 years ago
Assignee: nobody → neil.williams
Updated • 18 years ago
Target Milestone: --- → 3.11.8
Updated • 18 years ago
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Updated • 18 years ago
Target Milestone: 3.11.8 → Future
Updated • 18 years ago
Target Milestone: Future → ---
Updated • 17 years ago
Assignee: neil.williams → nobody
Updated • 2 years ago
Severity: normal → S3