Hi Steven,
NSS softtoken provides ECC on F20 out of box
(
https://bugzilla.redhat.com/show_bug.cgi?id=1019244 ).
During installation, you just want to make sure that you select the
right option accordingly.
On the client side, the current firefox version supports CRMF key gen
with EC. You can try it on one of the enrollment profiles at the EE port.
From the CLI, certutil works well. You can do something like the
following to get PKCS#10:
certutil -d . -R -k ec -q nistp256 -s "CN=test2014" -a -o req.test2014
Christina
On 06/27/2014 10:02 AM, sbernst(a)gmail.com wrote:
Hi there... It has been suggested that this is likely a question for
CFU (Christina).
How and where do I get the libraries to get ECC working on DogTag on
FC20? Specifically looking to sign client side generated PKCS#10 key
blobs. The Dogtag 10 release from 17 Jan 2013 suggested that this
might be supported, but Info from the link below says that, "Certicom
software tokens could not be used because of an issue with malformed
private keys."
https://www.redhat.com/archives/pki-users/2013-January/msg00001.html
So what all is required to sign ECC generated requests? (not planning
on use of TMS interface at this point). I saw that bug Bug 986831 says
that, "Some tools are broken for ECC with NSS token alone," (from the
10.1 release announcement from November of last year
https://www.redhat.com/archives/pki-users/2013-November/msg00001.html)
<
https://www.redhat.com/archives/pki-users/2013-November/msg00001.html%29>
but I'm not authorized to view its details. (I mention this to
demonstrate that I'm trying to do my homework on this issue before
asking for help.)
Thank you so much, in advance, for any and all help.
- Steven
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users