Hi Steven,
NSS softtoken provides ECC on F20 out of box (https://bugzilla.redhat.com/show_bug.cgi?id=1019244 ).

During installation, you just want to make sure that you select the right option accordingly.

On the client side, the current firefox version supports CRMF key gen with EC. You can try it on one of the enrollment profiles at the EE port.
From the CLI, certutil works well. You can do something like the following to get PKCS#10:
certutil -d . -R -k ec -q nistp256 -s "CN=test2014" -a -o req.test2014

Christina

On 06/27/2014 10:02 AM, sbernst@gmail.com wrote:

Hi there... It has been suggested that this is likely a question for CFU (Christina).

How and where do I get the libraries to get ECC working on DogTag on FC20? Specifically looking to sign client side generated PKCS#10 key blobs. The Dogtag 10 release from 17 Jan 2013 suggested that this might be supported, but Info from the link below says that, “Certicom software tokens could not be used because of an issue with malformed private keys.”

https://www.redhat.com/archives/pki-users/2013-January/msg00001.html

So what all is required to sign ECC generated requests? (not planning on use of TMS interface at this point). I saw that bug Bug 986831 says that, “Some tools are broken for ECC with NSS token alone,” (from the 10.1 release announcement from November of last year https://www.redhat.com/archives/pki-users/2013-November/msg00001.html) but I'm not authorized to view its details. (I mention this to demonstrate that I'm trying to do my homework on this issue before asking for help.)

Thank you so much, in advance, for any and all help.

- Steven
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users