Closed
Bug 918756
Opened 11 years ago
Closed 1 year ago
Symmetric key missing after 3.14 upgrade
Categories
(NSS :: Libraries, defect, P5)
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: satul, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0 (Nightly/Aurora)
Build ID: 20121119183901
Steps to reproduce:
1) Environment is RHEL 6.3 (having nss-3.13).
2) Create an NSS db in FIPS mode.
3) Create a 128-bit AES symmetric key (using sunpkcs11).
4) Check that the key is there using symkeyutil,
eg:
[root@server unsupported-tools]# ./symkeyutil -L -d /etc/opt/company/product/nss/
Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
Name Len Strength Type Data
NSS FIPS 140-2 Certificate DB:
SecretKey 16 128 aes <restricted>
5) Upgrade to RHEL 6.4 (which has nss-3.14).
6) Check the keys again using symkeyutil, to find to the horror that it's missing.
7) Checking public/private keys using certutil, those are intact. Only the symmetric key is missing.
8) Try generating a new symmetric key using sunpkcs11 and saving it as before. But it's not getting saved in the keystore.
Actual results:
With nss-3.14, symmetric keys are not getting saved. Existing symmetric keys from 3.13 are lost.
Expected results:
Existing keys intact during an upgrade (like 3.12 to 3.13 upgrade). Ability to store new keys.
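An added example, not part of the original report: a shell check that compares `symkeyutil -L` listings saved before and after an upgrade and reports symmetric keys that disappeared. The function names are hypothetical, the row layout is assumed from the listing in step 4, and the "after" listing is a constructed sample.

```shell
# Added example: detect symmetric keys lost across an NSS upgrade by diffing
# two saved `symkeyutil -L` listings. Function names are hypothetical.

# Listing as shown in the report, PIN prompt included.
BEFORE='Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
Name Len Strength Type Data
NSS FIPS 140-2 Certificate DB:
SecretKey 16 128 aes <restricted>'
# Constructed sample: the same token with no key rows left.
AFTER='Name Len Strength Type Data
NSS FIPS 140-2 Certificate DB:'

# stdin: a listing; stdout: sorted "token|name|len|strength|type" lines.
# Assumption: every key row ends with the Len, Strength, Type, Data columns.
symkey_inventory() {
    awk '
        /^Enter Password or Pin/ { next }        # prompt captured with the output
        $1 == "Name" && $2 == "Len" { next }     # column header
        /:[ \t]*$/ {                             # token line ends with a colon
            sub(/^[ \t]+/, ""); sub(/:[ \t]*$/, ""); token = $0; next
        }
        NF >= 5 && $(NF-3) ~ /^[0-9]+$/ && $(NF-2) ~ /^[0-9]+$/ {
            name = $1                            # names may contain spaces
            for (i = 2; i <= NF - 4; i++) name = name " " $i
            print token "|" name "|" $(NF-3) "|" $(NF-2) "|" $(NF-1)
        }
    ' | LC_ALL=C sort
}

# Print keys present in listing $1 but absent from listing $2; return 1 if any.
missing_keys() {
    b=$(mktemp) && a=$(mktemp) || return 2
    symkey_inventory < "$1" > "$b"
    symkey_inventory < "$2" > "$a"
    lost=$(LC_ALL=C comm -23 "$b" "$a")
    rm -f "$b" "$a"
    [ -z "$lost" ] && return 0
    printf '%s\n' "$lost"
    return 1
}

# Demo on the two listings above.
d=$(mktemp -d)
printf '%s\n' "$BEFORE" > "$d/before.txt"
printf '%s\n' "$AFTER" > "$d/after.txt"
if missing_keys "$d/before.txt" "$d/after.txt"; then echo "all keys present"
else echo "keys missing after upgrade"; fi
rm -rf "$d"
```

Capture each listing with the `symkeyutil -L -d` command from step 4, redirected to a file, once before and once after the upgrade.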
Comment 1•11 years ago (Reporter)
This issue is highly critical: since the key is missing, there is no way to recover existing encrypted data.
Severity: normal → critical
OS: All → Linux
Priority: -- → P1
Hardware: All → x86_64
Facing the same issue.
The following code works fine with nss-3.12,
but fails after upgrading to RHEL 6.4 with 3.14:
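import java.security.KeyStore;
import java.util.Enumeration;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Assumption: keyPassword (char[]) is defined elsewhere and is also the token PIN.
KeyStore keyStore = KeyStore.getInstance("PKCS11");
// A KeyStore must be loaded before use; this call is not shown in the original snippet.
keyStore.load(null, keyPassword);
// Generate an AES key on the NSS FIPS token through the SunPKCS11 provider.
KeyGenerator keyGen = KeyGenerator.getInstance("AES", "SunPKCS11-NSSfips");
keyGen.init(256);
SecretKey key = keyGen.generateKey();
// Store the key on the token under the alias "my_store".
keyStore.setKeyEntry("my_store", key, keyPassword, null);
Enumeration<String> aliases = keyStore.aliases();
System.out.println("Alias size : " + keyStore.size()); // aliases size is zero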
Comment 3•6 years ago
I would like to try working on this. Can you please guide me on how to start?
Comment 4•6 years ago
I wrote this summarized documentation when I made my first contribution to the NSS project:
https://github.com/marcusburghardt/nss-tips/blob/master/dev-fasttrack
I hope this helps you start.
Comment 5•2 years ago
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.
Severity: critical → --
Updated•2 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
Updated•2 years ago
Status: RESOLVED → REOPENED
Ever confirmed: true
Priority: P1 → P5
Resolution: WONTFIX → ---
Comment 6•1 year ago
The severity field is not set for this bug.
:beurdouche, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(bbeurdouche)
Updated•1 year ago
Severity: -- → N/A
Status: REOPENED → RESOLVED
Closed: 2 years ago → 1 year ago
Flags: needinfo?(bbeurdouche)
Resolution: --- → INACTIVE