NSS 3.101 is supposed to support EdDSA certificates, but I can't get it to import one:
reproducer
cat > key <<EOF -----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp -----END PRIVATE KEY----- EOF cat > cert <<EOF -----BEGIN CERTIFICATE----- MIIBcDCCASKgAwIBAgITGz6zL8fCL93bElmwkKaEVA49zzAFBgMrZXAwNTEzMDEG A1UEAxMqU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 MCAXDTIwMTIxNTIxMzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA1MTMwMQYDVQQDEypT YW1wbGUgTEFNUFMgRWQyNTUxOSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwKjAFBgMr ZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+RKE3URyp+eN2TxJDBKNDMEEwDwYDVR0T AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRropV9uhSb5C0E 0Qek0YLkLmuMtTAFBgMrZXADQQCpSPkvILHd5nLh+YT34REF0VVphNaxdw1dnx/J 7BGYvgKOObND0sqpkpc1neTiIi9gdfs5zSIak6TnVDdiuccK -----END CERTIFICATE----- EOF openssl pkcs12 -export -out p12 -in cert -inkey key -passout pass: mkdir s255 certutil -N -d sql:s255 --empty-password pk12util -i p12 -d sql:s255 -W ''
observed output
pk12util: no nickname for cert in PKCS12 file. pk12util: using nickname: Sample LAMPS Ed25519 Certificate Authority pk12util: no nickname for cert in PKCS12 file. pk12util: using nickname: Sample LAMPS Ed25519 Certificate Authority pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
- is cloned by
-
RHEL-145195 NSS 3.101 cannot import mlkem certs
-
- Planning
-
