On Sat, Aug 2, 2008 at 9:12 AM, David Allan <[EMAIL PROTECTED]> wrote: > Hi all, > > I would like to port the client side of a client-server application from > OpenSSL to NSS, but I've hit a snag: > > The client creates a symmetric key, encrypts it with the server's public > key and transmits it to the server. The server, over which I have no > control, expects the key to be encrypted with RSA OAEP. > > I have successfully created a symmetric key, imported the server's public > key, and wrapped the symmetric key using: > > PK11_PubWrapSymKey(CKM_RSA_PKCS_OAEP, > RSAPublicKey, > UnwrappedKey, > WrappedKey); > > But the server rejects the key. After reading over posts to this list and > the code, I believe that RSA OAEP is not yet supported by NSS. Is that > correct?
This is correct. RSA OAEP is not yet supported by NSS. The request for this feature is: https://bugzilla.mozilla.org/show_bug.cgi?id=158747 The only workaround is to extract the symmetric key as bytes (if the key can be extracted), manually format the OAEP block, and encrypt the block as data with CKM_RSA_X509. If you are interested, you can also try to implement RSA OAEP in NSS and submit a patch. We'll greatly appreciate that. Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
