I just wanted to send out a quick thanks to all those who steered me in
the right direction with my application. I've finally successfully been
able to generate a symmetric key, encrypted (wrap) it with a public key
from my CAC card, save it, log into my card, and unwrap it. NSS was
definitely a lot easier than doing low level card apdu calls. I hope to
put together a simple howto for CAC and NSS as soon as I finish my project.
Stephen
Robert Relyea wrote:
Timothy J. Miller wrote:
Since you're using the CAC you need to stick with a FIPS validated
crypto library--either the FIPS version of OpenSSL (if you can find
someone who has it) or the FIPS version NSS (3.6, IIRC) if you're
working on UNIX.
The most recent versions are NSS 3.11.4,5 or any NSS with 3.11.4
softoken (RHEL5 and Fedora 7,8 ship with later versions of NSS but
3.11.4 softoken). see http://wiki.mozilla.org/FIPS_Validation
Earlier validated versions were:
NSS 3.2.2:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#248
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#247
Netscape Security Module 1.01 (no longer available)
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#47
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#45
Netscape Security Module 1 (no longer available)
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#7
bob
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel