On 12 abr, 16:00, Robert Relyea <rrel...@redhat.com> wrote:
> On 04/12/2011 10:55 AM, Superpacko wrote:
>
>
>
>
>
>
>
>
>
> > On 28 mar, 15:28, Robert Relyea <rrel...@redhat.com> wrote:
> >> On 03/28/2011 05:32 AM, Superpacko wrote:
>
> >>> On 23 mar, 14:40, Robert Relyea <rrel...@redhat.com> wrote:
> >>>> On 03/23/2011 06:24 AM, Superpacko wrote:> Well, so i 've been told that
> >>>> i shuld be able to extract the MPI as
> >>>>> bytes and pass it to NSS since GPG original key format is PEM, i
> >>>>> should be able to use MPIs data as raw bytes.
> >>>> If it's really PEM (which should be a printable string), then you should
> >>>> be able to pull out the Base 64 portion and pass it to the NSS atob
> >>>> routine:
> >>>> ATOB_ConvertAsciiToItem()
> >>>> It will return a secItem which has a date and a length. This secitem is
> >>>> DER data.
> >>>> bob
> >>>> PEM is an ascii file in which all the data outside specific wrappers:
> >>>> ( ------------------------- BEGIN xxxxx
> >>>> ---------------------------------),
> >>>> (---------------------- END xxx ------------------------)
> >>>> are ignored. Inside the wrappers is base 64 encoded binary. Base 64
> >>>> takes the 27 letters of the alphabet, both upper and lower case, with
> >>>> the 10 digits, plus and / and assigns each a value between 0 and 64. The
> >>>> binary blob is then considered a long binary integer. That integer is
> >>>> converted to base 64 using those printable digits. The encoding used 4
> >>>> base 64 digits to encode 3 binary bytes (base 64 is 6 bits per value)
> >>>> The PEM base64 pem data is DER data, so the nss der functions should
> >>>> work for them, once you've decoded the base 64.
> >>>> bob
> >>>>> The thing is that the only function i found that takes unsigned char*
> >>>>> as argument is PK11_MakeKEAPubKey, and when i try to encrypt using
> >>>>> that key, i get error 8178 (BAD KEY)
> >>>>> So is there a way to import a public and private key with raw bytes?
> >>>>> so far i've seen that most functions need SECKEYPrivateKeyInfo and
> >>>>> stuff like that.
> >>> Thanks for the help, im going to try to extract this information from
> >>> the key stored in the MPIs.
> >>> Is there a way to import an RSA key from external source that is not
> >>> DER encoded nor KEA?
> >> Do you mean an RSA public key or an RSA private key?
>
> >> bob
>
> >>> otherwise im gonna have to build a custom PK11_MakeRSAPubKey to create
> >>> a SECKEYPublicKey from raw bytes, filling the
> >>> modulusItem.data = modulusData;
> >>> modulusItem.len = modulusLen;
> >>> exponentItem.data = exponentData;
> >>> exponentItem.len = exponentLen;
> >>> with the info from the raw bytes
> >>> thanks again!
> > Is still anyone here?
> > I've managed to imort public and private keys from GPG to NSS. The
> > only help i need now is with the RSA encryption.
> > Im generating a asymmetric key with random bytes, and i need to
> > encrypt this key with RSA.
> > How am i supposed to proceed? according to what i read, i cant just
> > encrypt the whole thing with RSA, instead i have to turn the
> > asymmetric key into a big number and then encrypt the number with RSA.
> > is that correct?
>
> > is there any other way? how would those options be implemented using
> > NSS functions?
>
> That's correct.
>
> 1. Your best bet is to use PK11_TokenKeyGenWithFlags() to generate a new
> symmetric key. (keyid= NULL attrrFlags = 0,
> opFlags=CKF_ENCRYPT|CKF_WRAP, the rest the same as PK11_KeyGen()). The
> output of this is a PK11SymKey.
>
> 2. You can wrap that symmetric key from step 1 with your imported RSA
> (public) key with PK11_PubWrapSymKey(). You'll get a secitem 'data'
> output here.
>
> 3. You can use PK11_WrapPrivKey() to wrap your random asymmetric key
> with the symmetric key you generated in step 1. You'll get a second
> secitem 'data' here. (NOTE: that this point you are through with your
> assymetric key, you can free it with PK11_FreeSymKey()).
>
> 4. You take to two secitem data values and packages them together.
> You'll need to identify the first secitem (from step 2) as the 'wrapped
> symkey' and the second secitem (from step 3) as the 'wrapped private key'.
>
> To recover your key:
>
> 1. separate the 2 secitem data values from your package.
>
> 2. use PK11_PubUnwrapSymKey() with your imported RSA (private) key and
> the 'wrapped symKey'. The result will be a PK11SymKey.
>
> 3. use PK11_UnwrapPrivKey() with the symkey returned in 2 and the
> 'wrapped private key'. This will return the private key you can now use.
> The symkey is not longer needed, so you can free it.
>
> There's a number of parameters for these functions I've skipped, but
> this should get you started.
>
> bob
>
>
>
>
>
>
>
> > thanks!
> > Sebastian.
I followed your previous example, and got the same error.
Generated a symmetric key with
PK11SymKey* symkey = PK11_TokenKeyGenWithFlags(slot,
CKM_AES_CBC,
NULL,
len,
NULL,
CKF_ENCRYPT|CKF_WRAP,
0,
NULL);
did a
PK11_PubWrapSymKey(CKM_RSA_PKCS,
pubKey,
symkey,
wrapped);
and work fine. But when decrypting, im reading the 256 buffer (the RSA
is 2048 bits), loading in into a SECItem and passing it to the decrypt
method.
PK11_PubUnwrapSymKey (privkey, wrappedKey, CKM_AES_CBC, CKF_DECRYPT,
wrappedKey->len);
and theres is when i get the ASSERT error:
file mpi.c
Expression: mp != ((void*)0) && str != ((void*)0) && len >0
Any ideas?
Thanks a lot!
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
