On 12 abr, 16:00, Robert Relyea <rrel...@redhat.com> wrote: > On 04/12/2011 10:55 AM, Superpacko wrote: > > > > > > > > > > > On 28 mar, 15:28, Robert Relyea <rrel...@redhat.com> wrote: > >> On 03/28/2011 05:32 AM, Superpacko wrote: > > >>> On 23 mar, 14:40, Robert Relyea <rrel...@redhat.com> wrote: > >>>> On 03/23/2011 06:24 AM, Superpacko wrote:> Well, so i 've been told that > >>>> i shuld be able to extract the MPI as > >>>>> bytes and pass it to NSS since GPG original key format is PEM, i > >>>>> should be able to use MPIs data as raw bytes. > >>>> If it's really PEM (which should be a printable string), then you should > >>>> be able to pull out the Base 64 portion and pass it to the NSS atob > >>>> routine: > >>>> ATOB_ConvertAsciiToItem() > >>>> It will return a secItem which has a date and a length. This secitem is > >>>> DER data. > >>>> bob > >>>> PEM is an ascii file in which all the data outside specific wrappers: > >>>> ( ------------------------- BEGIN xxxxx > >>>> ---------------------------------), > >>>> (---------------------- END xxx ------------------------) > >>>> are ignored. Inside the wrappers is base 64 encoded binary. Base 64 > >>>> takes the 27 letters of the alphabet, both upper and lower case, with > >>>> the 10 digits, plus and / and assigns each a value between 0 and 64. The > >>>> binary blob is then considered a long binary integer. That integer is > >>>> converted to base 64 using those printable digits. The encoding used 4 > >>>> base 64 digits to encode 3 binary bytes (base 64 is 6 bits per value) > >>>> The PEM base64 pem data is DER data, so the nss der functions should > >>>> work for them, once you've decoded the base 64. > >>>> bob > >>>>> The thing is that the only function i found that takes unsigned char* > >>>>> as argument is PK11_MakeKEAPubKey, and when i try to encrypt using > >>>>> that key, i get error 8178 (BAD KEY) > >>>>> So is there a way to import a public and private key with raw bytes? > >>>>> so far i've seen that most functions need SECKEYPrivateKeyInfo and > >>>>> stuff like that. > >>> Thanks for the help, im going to try to extract this information from > >>> the key stored in the MPIs. > >>> Is there a way to import an RSA key from external source that is not > >>> DER encoded nor KEA? > >> Do you mean an RSA public key or an RSA private key? > > >> bob > > >>> otherwise im gonna have to build a custom PK11_MakeRSAPubKey to create > >>> a SECKEYPublicKey from raw bytes, filling the > >>> modulusItem.data = modulusData; > >>> modulusItem.len = modulusLen; > >>> exponentItem.data = exponentData; > >>> exponentItem.len = exponentLen; > >>> with the info from the raw bytes > >>> thanks again! > > Is still anyone here? > > I've managed to imort public and private keys from GPG to NSS. The > > only help i need now is with the RSA encryption. > > Im generating a asymmetric key with random bytes, and i need to > > encrypt this key with RSA. > > How am i supposed to proceed? according to what i read, i cant just > > encrypt the whole thing with RSA, instead i have to turn the > > asymmetric key into a big number and then encrypt the number with RSA. > > is that correct? > > > is there any other way? how would those options be implemented using > > NSS functions? > > That's correct. > > 1. Your best bet is to use PK11_TokenKeyGenWithFlags() to generate a new > symmetric key. (keyid= NULL attrrFlags = 0, > opFlags=CKF_ENCRYPT|CKF_WRAP, the rest the same as PK11_KeyGen()). The > output of this is a PK11SymKey. > > 2. You can wrap that symmetric key from step 1 with your imported RSA > (public) key with PK11_PubWrapSymKey(). You'll get a secitem 'data' > output here. > > 3. You can use PK11_WrapPrivKey() to wrap your random asymmetric key > with the symmetric key you generated in step 1. You'll get a second > secitem 'data' here. (NOTE: that this point you are through with your > assymetric key, you can free it with PK11_FreeSymKey()). > > 4. You take to two secitem data values and packages them together. > You'll need to identify the first secitem (from step 2) as the 'wrapped > symkey' and the second secitem (from step 3) as the 'wrapped private key'. > > To recover your key: > > 1. separate the 2 secitem data values from your package. > > 2. use PK11_PubUnwrapSymKey() with your imported RSA (private) key and > the 'wrapped symKey'. The result will be a PK11SymKey. > > 3. use PK11_UnwrapPrivKey() with the symkey returned in 2 and the > 'wrapped private key'. This will return the private key you can now use. > The symkey is not longer needed, so you can free it. > > There's a number of parameters for these functions I've skipped, but > this should get you started. > > bob > > > > > > > > > thanks! > > Sebastian.
Thanks! so this is what i have. Im generating 32 random bytes with RandomGenerator from NSS then i proceed to encrypt this random bytes with PK11_PubEncryptPKCS1(pubKey, (unsigned char*)output, (unsigned char*)input, inputSize, NULL); the output is a buffer of size 256, which is the len in bytes of the public modulus. Input is 32, the len of the random bytes used as symkey. This works fine, i suppose the function adds pad to the input to complete the 256 bytes, and encrypts with the public key. then i get a 256 byte output. The thing is that when i try to decrypt this buffer, with PK11_PrivDecryptPKCS1(privkey, (unsigned char*)output, &outLen, inputSize, (unsigned char*)input, inputSize); i get an ASSERT error, in the line 4674 of "mpi.c". All im doing is passing the 256 encrypted buffer, with the private key, and an output buffer. what i noticed is that when chaging the las parameter which is encLen in the prototype, if i put a smalled size i get an error SEC_ERROR_PKCS11_DEVICE_ERROR(8023). So im not sure about where is the problem, it seams to me that the mpi reader is reading the encrypted bytes and somehow the assert fails in: ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); (mpi.c: line 4674) any ideas? thanks! -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
