Crash when importing PKCS#12 files whose certbags are encrypted with AES

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Crash when importing PKCS#12 files whose certbags are encrypted with AES

Jonathan Schulze-Hewett
All,

 

I'm sure you're aware of this already, but in case you are not, Firefox/nss
crashes when it encounters a PKCS#12 file that uses AES to encrypt the
certificate bags. You can create these using OpenSSL's pkcs12 command with
the -certpbe option. Of course, it could be an issue with OpenSSL, but nss
still shouldn't crash on them.

 

Sincerely,

Jonathan

 

Jonathan Schulze-Hewett

Director of Development

Information Security Corp

[hidden email] <mailto:[hidden email]>

+1 708-445-1704

 

 


--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Crash when importing PKCS#12 files whose certbags are encrypted with AES

Hubert Kario
On Thursday, 10 May 2018 17:46:00 CEST Jonathan Schulze-Hewett wrote:
> All,
>
>
>
> I'm sure you're aware of this already, but in case you are not, Firefox/nss
> crashes when it encounters a PKCS#12 file that uses AES to encrypt the
> certificate bags. You can create these using OpenSSL's pkcs12 command with
> the -certpbe option. Of course, it could be an issue with OpenSSL, but nss
> still shouldn't crash on them.

which bug is it? example files? version of NSS? version of OpenSSL?

and no, there are no known interoperability issues between openssl and NSS
implementation of PKCS#12 with regards to AES encryption

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

signature.asc (849 bytes) Download Attachment