Closed Bug 918756 Opened 11 years ago Closed 1 year ago

Symmetric key missing after 3.14 upgrade

Categories

(NSS :: Libraries, defect, P5)

3.14
x86_64
Linux

Tracking

(Not tracked)

RESOLVED INACTIVE

People

(Reporter: satul, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0 (Nightly/Aurora)
Build ID: 20121119183901

Steps to reproduce:

1) Environment is RHEL 6.3 (having nss-3.13).
2) Create nss db in FIPS mode.
3) Create a 128-bit AES symmetric key (using sunpkcs11).
4) Check that the key is there using symkeyutil, e.g.:

[root@server unsupported-tools]# ./symkeyutil -L -d /etc/opt/company/product/nss/
Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
Name Len Strength Type Data
NSS FIPS 140-2 Certificate DB:
SecretKey 16 128 aes <restricted>

5) Upgrade to RHEL 6.4 (which has nss-3.14).
6) Check the keys again using symkeyutil, to find to the horror that it's missing.
7) Checking public/private keys using certutil, those are intact. Only the symmetric key is missing.
8) Try generating a new symmetric key using sunpkcs11 and saving it as before. But it's not getting saved in the keystore.

Actual results:

With nss-3.14, symmetric keys are not getting saved. Existing symmetric keys from 3.13 are lost.

Expected results:

Existing keys intact during an upgrade (like the 3.12 to 3.13 upgrade). Ability to store new keys.

This issue is highly critical: since the key is missing, there is no way to recover existing encrypted data.
Severity: normal → critical
OS: All → Linux
Priority: -- → P1
Hardware: All → x86_64
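
The before/after check in steps 4 and 6 of the report, automated as an added example (not part of the original report or of NSS): it compares two saved `symkeyutil -L` listings and prints the keys that disappeared. The function names and sample listings are constructed, and key names are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example (not from the bug report): detect symmetric keys that vanished
# between two saved listings, e.g.
#   symkeyutil -L -d "$NSS_DB" > before.txt   # prior to the package upgrade
#   symkeyutil -L -d "$NSS_DB" > after.txt    # after it
# Assumption: key rows have the shape quoted in the report,
#   <name> <len> <strength> <type> <data>, and <name> has no whitespace.

# key_inventory FILE: print "name len strength type" per key row, sorted.
key_inventory() {
    awk 'NF >= 5 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $1, $2, $3, $4 }' "$1" |
        LC_ALL=C sort
}

# missing_keys BEFORE AFTER: print rows present in BEFORE but not in AFTER.
missing_keys() {
    mk_b=$(mktemp) && mk_a=$(mktemp) || return 2
    key_inventory "$1" > "$mk_b"
    key_inventory "$2" > "$mk_a"
    LC_ALL=C comm -23 "$mk_b" "$mk_a"
    rm -f "$mk_b" "$mk_a"
}

# check_upgrade BEFORE AFTER: return 0 if nothing was lost, 1 otherwise.
check_upgrade() {
    lost=$(missing_keys "$1" "$2")
    if [ -z "$lost" ]; then
        return 0
    fi
    printf 'MISSING after upgrade: %s\n' "$lost" >&2
    return 1
}

# Constructed sample listings modelled on the output quoted in the report.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/before.txt" <<'EOF'
Name Len Strength Type Data
NSS FIPS 140-2 Certificate DB:
SecretKey 16 128 aes <restricted>
EOF
    cat > "$d/after.txt" <<'EOF'
Name Len Strength Type Data
NSS FIPS 140-2 Certificate DB:
EOF
    missing_keys "$d/before.txt" "$d/after.txt"
    rm -rf "$d"
}
```

Running `check_upgrade before.txt after.txt` as a post-upgrade gate gives a non-zero exit status as soon as a previously listed key is absent, before any application tries to decrypt with it.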
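Facing the same issue. The following code works fine with nss-3.12 and fails after upgrading to RHEL 6.4 with 3.14:

import java.security.KeyStore;
import java.util.Enumeration;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// keyPassword is the caller's char[] token PIN (not shown in the original snippet).
KeyStore keyStore = KeyStore.getInstance("PKCS11");
// Assumed step, omitted from the original snippet: a KeyStore must be loaded before use.
keyStore.load(null, keyPassword);
// Generate a 256-bit AES key on the NSS FIPS token.
KeyGenerator keyGen = KeyGenerator.getInstance("AES", "SunPKCS11-NSSfips");
keyGen.init(256);
SecretKey key = keyGen.generateKey();
// Store the key under an alias, then list what the token reports.
keyStore.setKeyEntry("my_store", key, keyPassword, null);
Enumeration<String> aliases = keyStore.aliases();
System.out.println("Alias size : " + keyStore.size()); // aliases size is zero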
I would like to try working on this. Can you please guide me on how to start?

I did this summarized documentation when I did my first contribution for NSS Project:
https://github.com/marcusburghardt/nss-tips/blob/master/dev-fasttrack

I hope this helps you start.

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: critical → --
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → REOPENED
Ever confirmed: true
Priority: P1 → P5
Resolution: WONTFIX → ---

The severity field is not set for this bug.
:beurdouche, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(bbeurdouche)
Severity: -- → N/A
Status: REOPENED → RESOLVED
Closed: 2 years ago → 1 year ago
Flags: needinfo?(bbeurdouche)
Resolution: --- → INACTIVE