Hi Nelson,

Thanks for all the info.

> As you probably know, the IETF standards for SSL (TLS), including TLS 1.0
> (RFC 2246), TLS 1.1 (RFC 4346), and TLS 1.2 (presently an Internet Draft,
> <ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-tls-rfc4346-bis-10.txt>
> ), all specify that the RSA encryption to be used is that specified in
> PKCS#1 v1.5 (or equivalently, as specified in PKCS#1 v 2.1
> under the name RSASSA-PKCS1-v1_5), which is NOT OAEP, and is not
> interoperable with OAEP.  A server that allows or requires OAEP encryption
> of RSA encrypted pre-master secrets is not standards compliant nor
> interoperable with clients that are standards compliant.  NSS doesn't
> provide for the use of OAEP in TLS because the standards don't allow it.

I wasn't aware that the SSL/TLS standards require PKCS1-v1_5, but I've 
become quite aware of the non-interoperability of v1_5 and OAEP.  :) 
The server doesn't implement SSL/TLS--I'm only using NSS for RSA and AES 
operations.  The server, which I ought to have mentioned in my first post, 
is the audio daemon in the Apple Airport Express, which simply uses RSA to 
encrypt an AES session key to encrypt an audio stream.

>> PK11_PubWrapSymKey(CKM_RSA_PKCS_OAEP,
>>                     RSAPublicKey,
>>                     UnwrappedKey,
>>                     WrappedKey);
>
> I'd guess that call failed, right?
> Or are you using some third party PKCS#11 module that implements it?
> NSS's PKCS#11 module does not implement that mechanism.

I am using the NSS PKCS#11 implementation, but oddly the call does not 
fail, and produces something that looks like a wrapped key.  I'll take a 
wild guess that it's doing PKCS1-v1.5, but I'll check into it and let you 
know.  I would also expect the call to fail, though; would you like me to 
file a bug against that?

Dave
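
An added illustration of the check Dave says he will do (this is not code from the thread, from NSS, or from the Airport daemon): recover the encoded message EM from a wrapped key with the private exponent, then decide whether it carries PKCS#1 v1.5 block-type-2 padding or OAEP. It assumes OAEP with SHA-1, MGF1-SHA1 and an empty label, and the 1024-bit size and the tiny RSA parameters in the comments are constructed for demonstration.

```python
import hashlib
import os

HLEN = 20  # SHA-1 digest length; the OAEP hash/MGF choice is an assumption here

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 with SHA-1 (PKCS#1 v2.1, B.2.1)."""
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_em(wrapped: bytes, d: int, n: int) -> bytes:
    """Raw RSA private-key operation: returns the k-byte encoded message EM."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(wrapped, "big"), d, n).to_bytes(k, "big")

def eme_pkcs1_v15(msg: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5 block type 2: 00 02 <nonzero PS, at least 8 bytes> 00 M."""
    ps_len = k - len(msg) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(b or 1 for b in os.urandom(ps_len))  # every PS byte must be nonzero
    return b"\x00\x02" + ps + b"\x00" + msg

def eme_oaep(msg: bytes, k: int, seed: bytes = b"") -> bytes:
    """EME-OAEP, SHA-1 + MGF1-SHA1, empty label: 00 || maskedSeed || maskedDB."""
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long for modulus")
    db = hashlib.sha1(b"").digest() + b"\x00" * (k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    seed = seed or os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def classify(em: bytes):
    """Return ('oaep', M), ('pkcs1-v1.5', M) or ('unknown', None) for an EM."""
    k = len(em)
    if em[:1] == b"\x00" and k >= 2 * HLEN + 2:  # OAEP first: its check is a 160-bit hash match
        masked_seed, masked_db = em[1:HLEN + 1], em[HLEN + 1:]
        seed = xor(masked_seed, mgf1(masked_db, HLEN))
        db = xor(masked_db, mgf1(seed, k - HLEN - 1))
        if db[:HLEN] == hashlib.sha1(b"").digest():
            sep = db.find(b"\x01", HLEN)
            if sep != -1 and not any(db[HLEN:sep]):
                return "oaep", db[sep + 1:]
    if em[:2] == b"\x00\x02":  # v1.5: the 00 separator must follow >= 8 padding bytes
        sep = em.find(b"\x00", 2)
        if sep >= 10:
            return "pkcs1-v1.5", em[sep + 1:]
    return "unknown", None
```

With a real key, feed `recover_em(wrapped_key, d, n)` into `classify`; a "pkcs1-v1.5" result on a key wrapped with CKM_RSA_PKCS_OAEP would confirm the guess above.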

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto