Closed Bug 472016 Opened 16 years ago Closed 2 years ago

Provide support for Mozilla-JSS provider to specify Key usage

Categories

(JSS Graveyard :: Library, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: roman.bugzilla, Unassigned)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.18) Gecko/20081112 Fedora/2.0.0.18-1.fc8 Firefox/2.0.0.18
Build Identifier: trunk

org.mozilla.jss.pkcs11.PK11KeyPairGenerator API does not have a way to specify generated key usage. 

PK11KeyPairGenerator.c currently delegates native method calls to the PK11_GenerateKeyPairWithFlags method; using the recently added (https://bugzilla.mozilla.org/show_bug.cgi?id=376417) PK11_GenerateKeyPairWithOpFlags method instead should help.

For example, this issue makes it impossible to generate keys on some devices which require single-usage keys, such as some Aladdin eTokens.

Reproducible: Always

Steps to Reproduce:
1. There is no way in org.mozilla.jss.pkcs11.PK11KeyPairGenerator API to specify key usage.
Actual Results:
Impossible to generate single-usage keys

The attached is a patch which allows specifying key usage when generating an RSA key pair via pk11. Key usage is specified via org.mozilla.jss.crypto.RSAParameterSpec in order to use the javax.crypto.KeyGenerator JCA interface for key pair generation.

The practical issue I had here requires only RSA, so this patch solves the problem only for RSA key pair generation; key usage for DSA and EC is not implemented in it.

Tested successfully on Aladdin eToken Pro 64K via opensc pkcs11 library using TestSingleUsageKeyGen.java test case.
Attachment #355409 - Flags: review?(glen.beasley)
Assignee: gbmozilla → nobody
Comment on attachment 355409 [details] [diff] [review]
A patch to specify key usage for RSA key generation through pk11

Bug 507524 provided support to specify key usage when generating keys. Bug 507524 did not expose support for the javax.crypto.KeyGenerator JCA interface for key pair generation. This patch should be written to use the current source that exposes PK11_GenerateKeyPairWithOpFlags and add support for the Mozilla-JSS javax.crypto.KeyGenerator JCA interface.
Attachment #355409 - Flags: review?(gbmozilla) → review-
Summary: Update API for Generating Keypair via PKCS11: Specify Key Usage → Provide support for Mozilla-JSS provider to specify Key usage
Depends on: 507524
JSS development has moved from the Mozilla community to the Dogtag PKI community. Please re-file this bug at https://github.com/dogtagpki/jss if it is still relevant. Thank you!
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX