Robert Relyea wrote:
Does NSS support RFC2898 (derivation of keys from a passphrase), and if so, what set of functions should I be looking at to use this?Yes, The standard NSS PBE interface supports PBKDF2 automatically on reading if the algid specifying the PBE is PBEDKF2. On generation, if you specify a symmetric key algorithm the the standard PK11_CreatePBEAlgorithmID rather than a PBE algorithm, NSS will generate a PKCS #5 v2 algorithm id (using PBKDF2). There is also a new Create algorithm ID called PK11_CreatePBEV2AlgorithmID which allows you to fully specify each of the fields of the PBE.
A further question - how do you specify the size of the key to be generated by the PBKDF2 process?
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
