"Matej Kurpel" wrote: > I am implementing a PKCS#11 module. Today I tried to send encrypted > e-mail to my second gmail account, and it works perfectly (in fact, > nothing is needed from my token to support this). However, when the > message arrives and I try to read it, Thunderbird calls C_UnwrapKey > (which, of course, I don't have implemented) and then C_DecryptInit (I > will implement this in the near future). So it's OK that the > decryption fails. > But, why does TB need to unwrap some key? What is this key and where > does it come from? It's trying to unwrap that key no matter what, > despite the fact that the key for unwrapping has CKA_UNWRAP set to > FALSE, the mechanism doesn't have its CKF_UNWRAP flag set and the > token is read only. Is this a bug of some sort?
The sender generates an ephemeral 3-DES key one for each receiver, then encrypts (wraps) each key using that receivers' RSA public key. In order to read a message, you have to decrypt (unwrap) the 3-DES key that was encrypted using your RSA public key. Then, you have to decrypt the messsage using the 3-DES key you just unwrapped. - Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
