On 04/12/2011 10:55 AM, Superpacko wrote:
> On 28 mar, 15:28, Robert Relyea <rrel...@redhat.com> wrote:
>> On 03/28/2011 05:32 AM, Superpacko wrote:
>>> On 23 mar, 14:40, Robert Relyea <rrel...@redhat.com> wrote:
>>>> On 03/23/2011 06:24 AM, Superpacko wrote:
>>>>> Well, so i've been told that i should be able to extract the MPI as
>>>>> bytes and pass it to NSS since GPG original key format is PEM, i
>>>>> should be able to use MPIs data as raw bytes.
>>>> If it's really PEM (which should be a printable string), then you should
>>>> be able to pull out the Base 64 portion and pass it to the NSS atob
>>>> routine:
>>>> ATOB_ConvertAsciiToItem()
>>>> It will return a secItem which has a data and a length. This secitem is
>>>> DER data.
>>>>
>>>> bob
>>>>
>>>> PEM is an ascii file in which all the data outside specific wrappers:
>>>> ( ------------------------- BEGIN xxxxx ---------------------------------),
>>>> (---------------------- END xxx ------------------------)
>>>> are ignored. Inside the wrappers is base 64 encoded binary. Base 64
>>>> takes the 27 letters of the alphabet, both upper and lower case, with
>>>> the 10 digits, plus and / and assigns each a value between 0 and 64. The
>>>> binary blob is then considered a long binary integer. That integer is
>>>> converted to base 64 using those printable digits. The encoding used 4
>>>> base 64 digits to encode 3 binary bytes (base 64 is 6 bits per value)
>>>> The PEM base64 pem data is DER data, so the nss der functions should
>>>> work for them, once you've decoded the base 64.
>>>>
>>>> bob
>>>>
>>>>> The thing is that the only function i found that takes unsigned char*
>>>>> as argument is PK11_MakeKEAPubKey, and when i try to encrypt using
>>>>> that key, i get error 8178 (BAD KEY)
>>>>> So is there a way to import a public and private key with raw bytes?
>>>>> so far i've seen that most functions need SECKEYPrivateKeyInfo and
>>>>> stuff like that.
>>> Thanks for the help, im going to try to extract this information from
>>> the key stored in the MPIs.
>>> Is there a way to import an RSA key from external source that is not
>>> DER encoded nor KEA?
>> Do you mean an RSA public key or an RSA private key?
>>
>> bob
>>
>>> otherwise im gonna have to build a custom PK11_MakeRSAPubKey to create
>>> a SECKEYPublicKey from raw bytes, filling the
>>> modulusItem.data = modulusData;
>>> modulusItem.len = modulusLen;
>>> exponentItem.data = exponentData;
>>> exponentItem.len = exponentLen;
>>> with the info from the raw bytes
>>> thanks again!
> Is still anyone here?
> I've managed to import public and private keys from GPG to NSS. The
> only help i need now is with the RSA encryption.
> Im generating an asymmetric key with random bytes, and i need to
> encrypt this key with RSA.
> How am i supposed to proceed? according to what i read, i cant just
> encrypt the whole thing with RSA, instead i have to turn the
> asymmetric key into a big number and then encrypt the number with RSA.
> is that correct?
>
> is there any other way? how would those options be implemented using
> NSS functions?

That's correct.

1. Your best bet is to use PK11_TokenKeyGenWithFlags() to generate a new
symmetric key. (keyid = NULL, attrFlags = 0, opFlags = CKF_ENCRYPT|CKF_WRAP,
the rest the same as PK11_KeyGen()). The output of this is a PK11SymKey.
2. You can wrap that symmetric key from step 1 with your imported RSA
(public) key with PK11_PubWrapSymKey(). You'll get a secitem 'data' output
here.
3. You can use PK11_WrapPrivKey() to wrap your random asymmetric key with
the symmetric key you generated in step 1. You'll get a second secitem
'data' here. (NOTE: at this point you are through with your asymmetric
key, you can free it with PK11_FreeSymKey()).
4. You take the two secitem data values and package them together. You'll
need to identify the first secitem (from step 2) as the 'wrapped symkey'
and the second secitem (from step 3) as the 'wrapped private key'.

To recover your key:

1. Separate the 2 secitem data values from your package.
2. Use PK11_PubUnwrapSymKey() with your imported RSA (private) key and the
'wrapped symKey'. The result will be a PK11SymKey.
3. Use PK11_UnwrapPrivKey() with the symkey returned in 2 and the 'wrapped
private key'. This will return the private key you can now use. The symkey
is no longer needed, so you can free it.

There's a number of parameters for these functions I've skipped, but this
should get you started.

bob

> thanks!
> Sebastian.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
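
Step 4 of the wrapping procedure above and step 1 of the recovery leave the container format open. The following is an added example, not code from this thread or from NSS: one way to package and separate the two wrapped values as tagged, length-prefixed records, with the bounds checks a parser of untrusted input needs. `Blob` is a hypothetical stand-in for the data/len pair of a SECItem; the tags, the size cap and the function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the data/len pair of an NSS SECItem. */
typedef struct { unsigned char *data; size_t len; } Blob;
enum { TAG_WRAPPED_SYMKEY = 1, TAG_WRAPPED_PRIVKEY = 2, MAX_ITEM = 0xFFFF }; /* constructed values */

/* Write one record: 1-byte tag, 4-byte big-endian length, then the value. */
static size_t put_record(unsigned char *out, uint8_t tag, const Blob *b) {
    out[0] = tag;
    out[1] = (unsigned char)(b->len >> 24); out[2] = (unsigned char)(b->len >> 16);
    out[3] = (unsigned char)(b->len >> 8);  out[4] = (unsigned char)b->len;
    memcpy(out + 5, b->data, b->len);
    return 5 + b->len;
}

/* Step 4: package both wrapped values. Returns a malloc'd buffer or NULL. */
unsigned char *package_keys(const Blob *symkey, const Blob *privkey, size_t *out_len) {
    if (symkey->len > MAX_ITEM || privkey->len > MAX_ITEM) return NULL;
    unsigned char *buf = malloc(10 + symkey->len + privkey->len);
    if (!buf) return NULL;
    size_t off = put_record(buf, TAG_WRAPPED_SYMKEY, symkey);
    off += put_record(buf + off, TAG_WRAPPED_PRIVKEY, privkey);
    *out_len = off;
    return buf;
}

/* Read one record at *off; check tag and bounds before trusting the length. */
static int get_record(const unsigned char *in, size_t in_len, size_t *off,
                      uint8_t want_tag, Blob *b) {
    const unsigned char *p = in + *off;
    if (in_len - *off < 5 || p[0] != want_tag) return -1;
    size_t len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) |
                 ((size_t)p[3] << 8) | (size_t)p[4];
    if (len > MAX_ITEM || len > in_len - *off - 5) return -1;
    b->data = (unsigned char *)p + 5;   /* view into `in`, not a copy */
    b->len = len;
    *off += 5 + len;
    return 0;
}

/* Recovery step 1: separate the two values; rejects wrong order and trailing bytes. */
int unpackage_keys(const unsigned char *in, size_t in_len, Blob *symkey, Blob *privkey) {
    size_t off = 0;
    if (get_record(in, in_len, &off, TAG_WRAPPED_SYMKEY, symkey)) return -1;
    if (get_record(in, in_len, &off, TAG_WRAPPED_PRIVKEY, privkey)) return -1;
    return off == in_len ? 0 : -1;
}
```

The recovered views would then be handed to the unwrap calls named in the recovery steps; the container itself is not authenticated, so a modified package is only caught when unwrapping fails.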