Unable to import DSA key with CryptoStore.importPrivateKey()

Status: UNCONFIRMED, Unassigned
JSS, Library
Reporter: bob.e.foss

Description (Reporter, 8 years ago)

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8
Build Identifier: 4.3 RTM (with NSPR 4.8 and NSS 3.12.4)

I believe the issue is that "publicValue" is not set
in org/mozilla/jss/pkcs11/PK11Store.c:
    status = PK11_ImportDERPrivateKeyInfo(slot, &derPK, &nickname,
                NULL /*public value*/, PR_TRUE /*isPerm*/,
                PR_TRUE /*isPrivate*/, 0 /*keyUsage*/, NULL /*wincx*/);

but NSS requires it for DSA keys in security/nss/lib/pk11wrap/pk11pk12.c:
    case dsaKey:
            keyType = CKK_DSA;
            /* To make our intenal PKCS #11 module work correctly with 
             * our database, we need to pass in the public key value for 
             * this dsa key. We have a netscape only CKA_ value to do this.
             * Only send it to internal slots */
            if( publicValue == NULL ) {
                goto loser;
            }

So if it is a requirement to have the public key value to import,
I'm guessing there would need to be another method to call in
CryptoStore to pass the publicKey in with the private key.

Below is sample code demonstrating it breaking.
RSA keys work fine (RSA from SunJSSE).


import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoStore;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.util.ConsolePasswordCallback;

public class ImportDsa {

  public static void main(String[] args)
    throws Exception {

    // Open the NSS database in the current directory with FIPS mode disabled.
    CryptoManager.InitializationValues initializationValues = new CryptoManager.InitializationValues(".");
    initializationValues.fipsMode = CryptoManager.InitializationValues.FIPSMode.DISABLED;
    CryptoManager.initialize(initializationValues);

    // Log in to the internal key storage token.
    CryptoManager cryptoManager = CryptoManager.getInstance();
    CryptoToken cryptoToken = cryptoManager.getInternalKeyStorageToken();
    cryptoToken.login(new ConsolePasswordCallback());

    CryptoStore cryptoStore = cryptoToken.getCryptoStore();

    // Generate a DSA key pair outside NSS, using the SUN provider.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA", "SUN");
    KeyPair keyPair = keyPairGenerator.genKeyPair();

    System.out.println("key pair: " + keyPair);

    // Import the PKCS#8-encoded private key; this is the call that fails for DSA.
    cryptoStore.importPrivateKey(keyPair.getPrivate().getEncoded(),
                                 org.mozilla.jss.crypto.PrivateKey.DSA);

    System.out.println("done");
  }
}



Reproducible: Always
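
Added example, not part of the bug report and not JSS or NSS code: the DSA public value that the NSS check above requires can be recomputed from the PKCS#8 private key alone, as y = g^x mod p, whenever the encoding carries the domain parameters. The class name DsaPublicValue and its method are hypothetical, only the JDK's java.security API is used, and how the value would be handed to CryptoStore is left open, as in the report.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;

// Hypothetical helper class (added example, not from JSS).
public class DsaPublicValue {

  // Decode a PKCS#8 DSA private key and rebuild the matching public key.
  static DSAPublicKey derivePublic(byte[] pkcs8) throws Exception {
    KeyFactory kf = KeyFactory.getInstance("DSA");
    DSAPrivateKey priv =
        (DSAPrivateKey) kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    DSAParams params = priv.getParams();
    if (params == null) {
      // Keys with inherited (absent) parameters cannot be completed from x alone.
      throw new IllegalArgumentException("DSA key has no domain parameters");
    }
    // Public value: y = g^x mod p.
    BigInteger y = params.getG().modPow(priv.getX(), params.getP());
    PublicKey pub = kf.generatePublic(
        new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG()));
    return (DSAPublicKey) pub;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: a freshly generated key pair.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.genKeyPair();

    // Only the private key encoding is given to the helper.
    DSAPublicKey derived = derivePublic(kp.getPrivate().getEncoded());
    BigInteger expected = ((DSAPublicKey) kp.getPublic()).getY();

    if (!derived.getY().equals(expected)) {
      throw new IllegalStateException("derived public value does not match");
    }
    System.out.println("derived y matches generated public key, bits="
        + derived.getY().bitLength());
  }
}
```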
Updated (Reporter, 8 years ago)
Version: unspecified → 4.3

Updated (8 years ago)
Assignee: gbmozilla → nobody