Provide support for Mozilla-JSS provider to specify Key usage

UNCONFIRMED
Unassigned

Status

JSS
Library
UNCONFIRMED
9 years ago
8 years ago

People

(Reporter: roman.bugzilla, Unassigned)

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.18) Gecko/20081112 Fedora/2.0.0.18-1.fc8 Firefox/2.0.0.18
Build Identifier: trunk

org.mozilla.jss.pkcs11.PK11KeyPairGenerator API does not have a way to specify generated key usage. 

PK11KeyPairGenerator.c currently delegates native method calls to the PK11_GenerateKeyPairWithFlags method; using the recently added (https://bugzilla.mozilla.org/show_bug.cgi?id=376417) PK11_GenerateKeyPairWithOpFlags method instead should help.

For example, this issue makes it impossible to generate keys on some devices which require single-usage keys, such as some Aladdin eTokens.

Reproducible: Always

Steps to Reproduce:
1. There is no way in org.mozilla.jss.pkcs11.PK11KeyPairGenerator API to specify key usage.
Actual Results:  
Impossible to generate single-usage keys
(Reporter)

Comment 1

9 years ago
Created attachment 355409
A patch to specify key usage for RSA key generation through pk11

The attached is a patch which allows specifying key usage when generating an RSA key pair via pk11. Key usage is specified via org.mozilla.jss.crypto.RSAParameterSpec in order to use the javax.crypto.KeyGenerator JCA interface for key pair generation.

The practical issue I had here requires only RSA, so this patch solves the problem only for RSA key pair generation; key usage for DSA and EC is not implemented in it.

Tested successfully on Aladdin eToken Pro 64K via opensc pkcs11 library using TestSingleUsageKeyGen.java test case.

Updated

9 years ago
Attachment #355409 - Flags: review?(glen.beasley)

Updated

8 years ago
Assignee: gbmozilla → nobody

Comment 2

8 years ago
Comment on attachment 355409
A patch to specify key usage for RSA key generation through pk11

Bug 507524 provided support to specify key usage when generating keys. Bug 507524 did not expose support for the javax.crypto.KeyGenerator JCA interface for key pair generation. This patch should be written to use the current source that exposes PK11_GenerateKeyPairWithOpFlags and add support for the Mozilla-JSS javax.crypto.KeyGenerator JCA interface.
Attachment #355409 - Flags: review?(gbmozilla) → review-

Updated

8 years ago
Summary: Update API for Generating Keypair via PKCS11: Specify Key Usage → Provide support for Mozilla-JSS provider to specify Key usage

Updated

8 years ago
Duplicate of this bug: 518270

Updated

8 years ago
Depends on: 507524