- Bug
- Resolution: Cannot Reproduce
- P3
- None
- 7u17
- linux_redhat_6.0
FULL PRODUCT VERSION :
java version "1.7.0_17"
Java(TM) SE Runtime Environment (build 1.7.0_17-b02)
Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux RHEL64.blr.novell.com 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
I am using NSS as a FIPS PKCS11 keystore as documented under http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#NSS. I use the following code to generate an AES key and store it in the keystore for later lookup for encryption/decryption.
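import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// pw (keystore password) and SECREY_KEY (entry alias) are defined elsewhere (not shown)
// Keystore initialization
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, pw.toCharArray());
// Generate AES 128 bit key
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey skey = kg.generateKey();
// Save generated key
ks.setEntry(SECREY_KEY, new KeyStore.SecretKeyEntry(skey),
        new KeyStore.PasswordProtection(pw.toCharArray()));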
My application was working fine under RHEL 6.3 (nss 3.13). But when I upgraded to RHEL 6.4 (nss 3.14), I can see that the generated secret key is not getting stored in the NSS database.
I used the nss-devel tool symkeyutil to verify against nss-3.13 and nss-3.14 (usage: ./symkeyutil -L -d /etc/opt/company/product/nss/). With the old version, immediately after the ks.setEntry() method I can see the entry in the keystore. With nss-3.14, I never see the key getting stored.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Configure nss as per http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#NSS
2) Run the above sample program to generate and save a key to nss keystore
3) Try to look up the stored symmetric key
3.1) using Java: ks.getEntry(SECREY_KEY, new KeyStore.PasswordProtection(pw.toCharArray()))
3.2) using NSS tools:
./symkeyutil -L -d /etc/opt/company/product/nss
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Previously generated/stored symmetric key should be retrieved.
ACTUAL -
Key is not stored.
REPRODUCIBILITY :
This bug can be reproduced always.
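A store-then-verify check for the failure described in this report, where ks.setEntry() returns without error but the key is absent afterwards. This is an added example, not code from the report or from the JDK; the class name, the command-line arguments and the probe plaintext are hypothetical, and it assumes the SunPKCS11-NSS provider is already configured as in the guide linked above.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example (not from the report): store an AES key, then prove it persisted.
public class VerifyStoredKey {
    public static void main(String[] args) throws Exception {
        String alias = args[0];             // hypothetical: alias to create
        char[] pw = args[1].toCharArray();  // hypothetical: NSS token password
        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, pw);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey generated = kg.generateKey();
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(generated),
                new KeyStore.PasswordProtection(pw));
        // Read back through a fresh KeyStore object, so the check does not
        // depend on state held by the instance that called setEntry().
        KeyStore reopened = KeyStore.getInstance("PKCS11");
        reopened.load(null, pw);
        if (!reopened.isKeyEntry(alias)) {
            throw new IllegalStateException("setEntry() returned normally but '"
                    + alias + "' is not in the keystore");
        }
        KeyStore.Entry entry = reopened.getEntry(alias, new KeyStore.PasswordProtection(pw));
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new IllegalStateException("'" + alias + "' is not a secret-key entry");
        }
        SecretKey stored = ((KeyStore.SecretKeyEntry) entry).getSecretKey();

        // Token keys may return null from getEncoded(), so compare by use:
        // encrypt one block with the generated key, decrypt with the stored one.
        byte[] probe = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        IvParameterSpec iv = new IvParameterSpec(new byte[16]); // fixed IV: self-test only
        Cipher enc = Cipher.getInstance("AES/CBC/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, generated, iv);
        byte[] ct = enc.doFinal(probe);
        Cipher dec = Cipher.getInstance("AES/CBC/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, stored, iv);
        if (!Arrays.equals(probe, dec.doFinal(ct))) {
            throw new IllegalStateException("stored key differs from generated key");
        }
        System.out.println("OK: '" + alias + "' stored and usable");
    }
}
```

Running this after an NSS or JDK upgrade, before any data is encrypted under a newly generated key, turns a silent storage failure into an immediate error instead of ciphertext that cannot be decrypted later.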