I'm generating keys in the softoken and then exporting them to PKCS12 files with their freshly issued certs. I get the private key using the getEncryptedPrivateKeyInfo method of CryptoStore.
This epki is reporting a 16 byte salt but when I ask the algorithm for its salt size, I get 20. When I try to unwrap the key I get:

    javax.crypto.BadPaddingException: Given final block not properly padded

Using

    PBEAlgorithm pbeAlgorithm = PBEAlgorithm.PBE_SHA1_DES3_CBC;
    pbeAlgorithm.getSaltLength() = 20
    Encrypted private key info's salt: 0x6d469a0e62d57c5482e589562eeb2236

I've tried some of the other algorithms and it appears the getEncryptedPrivateKeyInfo (which is one of the native methods of JSS) *always* returns an EPKI with 16 bytes of salt and it's confusing other applications/APIs that are expecting more or less (8 and 20 seem to be the most popular).

Dave

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
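
An added example, not part of the original post and not JSS code: a consumer of an EncryptedPrivateKeyInfo can read the salt and iteration count from the structure's own PBE parameters and decrypt with those, instead of assuming a salt length from the algorithm. It uses the standard JDK JCE provider; the class name, password, 16-byte salt and iteration count of 2000 are constructed for the illustration.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class EpkiSaltCheck {
    // JCE name for PKCS #12 pbeWithSHAAnd3-KeyTripleDES-CBC (standard JDK provider, not JSS)
    static final String ALG = "PBEWithSHA1AndDESede";

    // Constructed sample input: wrap a private key using a 16-byte salt.
    static byte[] wrap(PrivateKey key, char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        SecretKey k = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, k, new PBEParameterSpec(salt, 2000));
        byte[] ct = c.doFinal(key.getEncoded());
        // The salt and iteration count travel inside the EPKI's AlgorithmIdentifier.
        return new EncryptedPrivateKeyInfo(c.getParameters(), ct).getEncoded();
    }

    // Unwrap with the parameters stored in the EPKI, whatever the salt length is.
    static byte[] unwrap(byte[] der, char[] pw) throws Exception {
        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(der);
        AlgorithmParameters params = epki.getAlgParameters();
        PBEParameterSpec spec = params.getParameterSpec(PBEParameterSpec.class);
        System.out.printf("salt bytes=%d iterations=%d%n",
                spec.getSalt().length, spec.getIterationCount());
        SecretKey k = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.DECRYPT_MODE, k, params);
        return epki.getKeySpec(c).getEncoded(); // decrypted PKCS #8 bytes
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray();
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        PrivateKey key = g.generateKeyPair().getPrivate();
        byte[] pkcs8 = unwrap(wrap(key, pw), pw);
        System.out.println("round trip ok: " + Arrays.equals(pkcs8, key.getEncoded()));
    }
}
```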