On Sat, 2 Aug 2008, Wan-Teh Chang wrote: Hi Wan-Teh,
> This is correct. RSA OAEP is not yet supported by NSS. The > request for this feature is: > https://bugzilla.mozilla.org/show_bug.cgi?id=158747 > > The only workaround is to extract the symmetric key as bytes > (if the key can be extracted), manually format the OAEP block, > and encrypt the block as data with CKM_RSA_X509. Ok, good stuff. I'll give that a go. > If you are interested, you can also try to implement RSA OAEP > in NSS and submit a patch. We'll greatly appreciate that. I had a look at the PKCS#1 v2.1 spec, and it's not totally out of the realm of possibility to do a patch for OAEP support. It would obviously clean up my code a lot just to be able to call into the library. I have only done a brief look-over of the NSS code, but I'll take a bit more in-depth look and see if what's in nss/lib/softoken/rsawrapr.c can be exposed without too much work. Has anybody done any work in this area already? From the bug transcript, it looks like Nelson as well as others have already looked into it. Dave _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
