Christian Bongiorno wrote:
I am currently trying to sign some data in tbird and the signature is not valid.The incoming data I get (C_Sign()) is an ASN1_STRING of the SHA1 hash of the message. Currently, I am encrypting the whole thing and returning raw data back.Should I be decoding the ASN1 input, encrypting the hash, then returning it as ASN1 encoded?
Depends on the mechanism that you have been asked for: CKM_RSA_X509 - just encrypted the data with no additional formatting.CKM_RSA_PKCS - format the block with PKCS 1.5 encoding. The block should be formatted as is, if raw hashes are passed in, format the raw hashes, if ASN1 encoded data, encode that whole block.
See section 12.1.6 and 12.1.12 of the PKCS #11 spec (version 2.20). bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
