On 06/22/2011 10:54 AM, Crypto User wrote:
> Ok. So I got it that Encrypt and decrypt Raw supports no padding. So
> the data has to be exactly the length of modulus. Correct?
Right. If you try to encrypt something smaller than the modulus, it will
assume it's zero padded.
> But, PK11_pubEncryptPKCS1/ PK11_PrivDecryptPKCS1 gives error -8023.
Yeah, I wanted to respond to this last night, but I was on my way out
and didn't have time to convert the error number. We have a utility
function that prints out the error in a more human readable format, but
not all NSS packages include it (it's in a static library used by the
NSS tools). The function is:

const char *SECU_Strerror(PRErrorCode errNum)

and can be found in mozilla/security/nss/cmd/lib/secerror.c


-8023 is PKCS#11 Device error.  Softoken returns this when the
underlying freebl engine returns an error.

This could be because: 1) There is something wrong with the key, 2)
There is something wrong with the data you passed to Decrypt (the result
was not PKCS #1 wrapped and therefore invalid), or 3) you are trying to
encrypt too much data (you can't encrypt more than modulus length - 11
bytes).

So.... some more questions for you:

Are both PK11_PubEncryptPKCS1 and PK11_PrivDecryptPKCS1 returning this
error? Using the exact same keys as the Raw case? What is the data you
are trying to encrypt?

Having a sample of the failing code would probably be more helpful.

bob



> Can anybody pl. provide any pointer.
> Thanks


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
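
An added example, not part of the original message and not NSS code: a stand-alone C sketch of the PKCS #1 v1.5 encryption block layout, showing where the "modulus length - 11" limit comes from and why a raw, zero-padded block fails the PKCS #1 check on decrypt. The function names (`pkcs1_max_msg`, `pkcs1_pad`, `pkcs1_unpad`) are hypothetical, no RSA operation is performed, and the padding filler in `main` is constructed rather than random.

```c
#include <stdio.h>
#include <string.h>

/* PKCS #1 v1.5 encryption block (type 2) for a k-byte modulus:
 *   EM = 0x00 || 0x02 || PS (at least 8 nonzero bytes) || 0x00 || M
 * The fixed overhead is 3 + 8 = 11 bytes, hence "modulus length - 11". */
#define PKCS1_OVERHEAD 11

/* Largest message that fits, or 0 if the modulus is too small. */
size_t pkcs1_max_msg(size_t k) { return k > PKCS1_OVERHEAD ? k - PKCS1_OVERHEAD : 0; }

/* Build EM in em[0..k-1]. ps_src supplies k - 3 - mlen padding bytes and
 * must come from a CSPRNG in real use; zero bytes are mapped to 0x01.
 * Returns 0 on success, -1 if the message is too long (cause 3 in the reply). */
int pkcs1_pad(unsigned char *em, size_t k, const unsigned char *m, size_t mlen,
              const unsigned char *ps_src) {
    if (k < PKCS1_OVERHEAD || mlen > k - PKCS1_OVERHEAD) return -1;
    size_t pslen = k - 3 - mlen;
    em[0] = 0x00;
    em[1] = 0x02;
    for (size_t i = 0; i < pslen; i++) em[2 + i] = ps_src[i] ? ps_src[i] : 0x01;
    em[2 + pslen] = 0x00;
    memcpy(em + 3 + pslen, m, mlen);
    return 0;
}

/* Validate a decrypted block and point *m at the message. Returns the message
 * length, or -1 if the block is not PKCS #1 type 2 (cause 2 in the reply).
 * Illustrates the format only; this check is not constant time. */
long pkcs1_unpad(const unsigned char *em, size_t k, const unsigned char **m) {
    if (k < PKCS1_OVERHEAD || em[0] != 0x00 || em[1] != 0x02) return -1;
    size_t i = 2;
    while (i < k && em[i] != 0x00) i++;       /* find the 0x00 separator */
    if (i == k || i < 10) return -1;          /* none, or PS shorter than 8 */
    *m = em + i + 1;
    return (long)(k - i - 1);
}

int main(void) {
    unsigned char em[128], ps[128], msg[118] = "constructed sample";
    const unsigned char *m;
    memset(ps, 0xA5, sizeof ps);              /* constructed filler, not random */
    printf("max message, 128-byte modulus: %zu\n", pkcs1_max_msg(sizeof em));
    printf("pad 117 bytes: %d\n", pkcs1_pad(em, sizeof em, msg, 117, ps));
    printf("unpad: %ld\n", pkcs1_unpad(em, sizeof em, &m));
    printf("pad 118 bytes: %d\n", pkcs1_pad(em, sizeof em, msg, 118, ps));
    return 0;
}
```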
