Christina,

Thank you so much for the help!  :-)

Steven

From: pki-users-request@redhat.com
Sent: ‎Tuesday‎, ‎July‎ ‎1‎, ‎2014 ‎11‎:‎00‎ ‎AM
To: pki-users@redhat.com

Send Pki-users mailing list submissions to
 pki-users@redhat.com

To subscribe or unsubscribe via the World Wide Web, visit
 https://www.redhat.com/mailman/listinfo/pki-users
or, via email, send a message with subject or body 'help' to
 pki-users-request@redhat.com

You can reach the person managing the list at
 pki-users-owner@redhat.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pki-users digest..."


Today's Topics:

   1. Re: ECC entity certificate signing and Dogtag (Christina Fu)


----------------------------------------------------------------------

Message: 1
Date: Mon, 30 Jun 2014 11:15:24 -0700
From: Christina Fu <cfu@redhat.com>
To: pki-users@redhat.com
Subject: Re: [Pki-users] ECC entity certificate signing and Dogtag
Message-ID: <53B1A93C.5090005@redhat.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

Hi Steven,
NSS softtoken provides ECC on F20 out of box
(https://bugzilla.redhat.com/show_bug.cgi?id=1019244 ).

During installation, you just want to make sure that you select the
right option accordingly.

On the client side, the current firefox version supports CRMF key gen
with EC.  You can try it on one of the enrollment profiles at the EE port.
 From the CLI, certutil works well.    You can do something like the
following to get PKCS#10:
certutil -d . -R  -k ec -q nistp256 -s "CN=test2014" -a -o req.test2014

Christina

On 06/27/2014 10:02 AM, sbernst@gmail.com wrote:
> Hi there... It has been suggested that this is likely a question for
> CFU (Christina).
>
> How and where do I get the libraries to get ECC working on DogTag on
> FC20?  Specifically looking to sign client side generated PKCS#10 key
> blobs.  The Dogtag 10 release from 17 Jan 2013 suggested that this
> might be supported, but Info from the link below says that, "Certicom
> software tokens could not be used because of an issue with malformed
> private keys."
> https://www.redhat.com/archives/pki-users/2013-January/msg00001.html
>
> So what all is required to sign ECC generated requests? (not planning
> on use of TMS interface at this point). I saw that bug Bug 986831 says
> that, "Some tools are broken for ECC with NSS token alone," (from the
> 10.1 release announcement from November of last year
> https://www.redhat.com/archives/pki-users/2013-November/msg00001.html)
> <https://www.redhat.com/archives/pki-users/2013-November/msg00001.html%29>
> but I'm not authorized to view its details.  (I mention this to
> demonstrate that I'm trying to do my homework on this issue before
> asking for help.)
>
> Thank you so much, in advance, for any and all help.
>
> - Steven
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.redhat.com/archives/pki-users/attachments/20140630/3e54f20f/attachment.html>

------------------------------

_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users

End of Pki-users Digest, Vol 76, Issue 1
****************************************