Nelson, On Thu, Apr 30, 2009 at 1:22 AM, Nelson B Bolyard <nel...@bolyard.me> wrote: > Hi Mathieu, > Welcome to dev-tech-crypto. > You can expect replies here in 24-48 hours after you post.
Awefully sorry about that. I tried posting from groups.google.com, and after ~8h it was still not showing on the very same groups.google.com. So I tried the mailing list, but an error occured when sending the first mail (reported by gmail.com) so I decided to post again... >> ... >> The encoding is based on the Enveloped-data Content Type of the >> Cryptographic Message Syntax defined in RFC 2630. > > NSS's CMS library is the one used in Thunderbird's S/MIME implementation. > That library and associated utility program claim conformance to RFC 2630. > They do not claim conformance to the two newer RFCS you cited, 3369 & 3852. Ok. Now I know :) >> Before investing too much time in yet-another crypto library, could >> someone please let me know: >> >> 1. Is cmsutil the right tool for me ? > > That depends on your requirements and objectives. If your requirements > can be satisfied with the features of RFC 2630, then the answer may be > yes, but if you require features not found in RFC 2630 but only found in > the later RFCs you cited, then at this time the answer is no. ok. >> 2. In the longer term, I will need to decode file such as the one I >> sent on openssl mailing list (**), does NSS support this kind of file ? >> (**) http://www.mail-archive.com/openssl-us...@openssl.org/msg56902.html > > The file shown there uses Password Based Encryption features of RFC 3369 > and RFC 3211, which are not supported by NSS at this time. (BTW, RFC 3211 > wasn't in your list.) > > NSS 3.12 offers the low level PBKDF2 functions, but that support has not > been integrated into NSS's CMS library, libSMIME, AFAIK. > > (Bob, feel free to correct me if I'm mistaken about that) > > If you absolutely must have password-based encryption of S/MIME messages, > then NSS cannot help you at this time. But if you are able to use public > keys for key transport, as provided in RFC 2630, then NSS can help you. This is not an issue in the short term for me. But in the longer this is something I'll be looking for. Hopefully with some help to get me started I might be able to contribute this back to NSS. From th OpenSSL post it looks like this is not easy to add there, so my best bet would be NSS. Thanks, -- Mathieu -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
