
FIPS mode key import?


Chris Newman

Jun 1, 2020, 12:39:24 PM
to mozilla's crypto code discussion list
I have NSS-based DKIM signing working in our mail server software, but
run into a problem when trying to do it in FIPS mode.

I've been importing the DKIM private key using either
PK11_ImportPrivateKeyInfoAndReturnKey or
PK11_ImportDERPrivateKeyInfoAndReturnKey, but these APIs don't work in
FIPS mode (they map to C_CreateObject which disallows raw key import).
If FIPS mode only supports import of an encrypted private key, how would
I import the symmetric key that was used to encrypt the private key?
Seems like a catch-22 for a distributed system where keys have to move
around.

I like to avoid the OpenSSL-crypto-monoculture, but right now it looks
like using OpenSSL-FIPS is the fastest path forward. Any suggestions for
a way I could keep using NSS for this?

- Chris

Paul Wouters

Jun 1, 2020, 1:47:50 PM
to mozilla's crypto code discussion list
On Mon, 1 Jun 2020, Chris Newman wrote:

> I've been importing the DKIM private key using either
> PK11_ImportPrivateKeyInfoAndReturnKey or
> PK11_ImportDERPrivateKeyInfoAndReturnKey, but these APIs don't work in FIPS
> mode (they map to C_CreateObject which disallows raw key import). If FIPS
> mode only supports import of an encrypted private key, how would I import the
> symmetric key that was used to encrypt the private key? Seems like a catch-22
> for a distributed system where keys have to move around.

pk12util can import a key-wrapped private key and certificate bundle.
This symmetric key is password protected, but you can specify this
password via a (tmp)file or commandline argument.

We automated this in our (libreswan) testing using:

pk12util -W ourpassword -K '' -d sql:/etc/ipsec.d -i /testing/x509/selfsigned/east-selfsigned.p12

Paul

Alan Braggins

Jun 19, 2020, 7:29:45 AM
to mozilla's crypto code discussion list
I don't know how it maps to NSS, but at the PKCS#11 layer you can generate a key pair, export the public key (even in FIPS mode, because it's public), use the public key to encrypt your secret key, then unwrap that with the private key. Then you can use that secret key to unwrap private keys.
(At least one HSM has a PKCS#11 library that effectively does that for you, so it just allows plaintext import and export of non-CKA_SENSITIVE keys even if strict FIPS mode restricts the HSM boundary.)
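
The wrap chain described in the reply above, modelled with the Go standard library as an added example (it is not code from this thread and makes no NSS or PKCS#11 calls). The function names, RSA-OAEP for the key-encryption key (KEK) and AES-256-GCM for the private key are assumptions of this example; on a real token both unwrap steps would run inside the module.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// NewTransportKey stands in for the key pair generated on the importing side.
func NewTransportKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(kek []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// WrapForTarget (exporting side): wrap a fresh KEK under the exported public key, then the key under the KEK.
func WrapForTarget(pub *rsa.PublicKey, pkcs8 []byte) (wKEK, wKey []byte, err error) {
	buf := make([]byte, 32+12) // one-time AES-256 KEK followed by the GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	if wKEK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil); err != nil {
		return nil, nil, err
	}
	aead, err := newGCM(buf[:32])
	if err != nil {
		return nil, nil, err
	}
	return wKEK, aead.Seal(buf[32:], buf[32:], pkcs8, nil), nil
}

// UnwrapOnTarget (importing side): recover the KEK with the private key, then unwrap the imported key.
func UnwrapOnTarget(priv *rsa.PrivateKey, wKEK, wKey []byte) ([]byte, error) {
	kek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wKEK, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(kek)
	if err != nil || len(wKey) < 12 {
		return nil, rsa.ErrDecryption
	}
	return aead.Open(nil, wKey[:12], wKey[12:], nil)
}
func main() {} // library-style example: call the functions above
```

Only the public key and the two wrapped blobs cross between the systems, so neither the KEK nor the private key is ever imported in the clear.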