RHEL-114443

NSS: Updating nss database password corrupts ML-DSA seed.

    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-10.0.z, rhel-10.1
    • nss
    • No
    • Low
    • 1
    • rhel-security-crypto-clubs
    • 1
    • Yes
    • Crypto25November
    • Known Issue
      .Updating the NSS database password corrupts the ML-DSA seed

      Generating an ML-DSA key begins with a seed, which is sufficient to derive the key. However, the keys can also be expanded to accelerate subsequent operations. If you have ML-DSA keys in an NSS database, either generated or imported, both the expanded format and the seed are likely stored. Due to a bug in how NSS handles database re-encryption, if you change the password of the database, the seed attribute is not updated to accommodate the new password, and its value is permanently lost, even with the knowledge of the previous password.

      To work around this problem, export the key before updating the password and re-import it after the update.
    • In Progress
    • Unspecified
    • Required
    • Unspecified

      ML-DSA keys come in multiple formats. Generating one starts with a seed, and the seed is enough to derive the key, but the keys could also be expanded to speed up subsequent operations with them. If you have ML-DSA keys in an NSS database, either generated or imported, it is highly likely that both the expanded format and the seed are stored. Due to an issue with how NSS handles database re-encryption, if you decide to change the password of the database, the seed attribute will not get updated to accommodate the new password and its value will be permanently lost.

      Due to security reasons it is impossible to recover it even with the knowledge of the previous password, unless one has a backup of the database or the key made before the password change took place. The only way to work around this issue is to export the key before updating the password and re-import it after the update.

              rrelyea Robert Relyea
              fkrenzel František Krenželok
              Robert Relyea
              Robert Relyea
              Joao Silva
              Zuzana Zoubkova