On 01/20/2012 04:17 AM, helpcrypto helpcrypto wrote:
After requesting for the pin, Thunderbird calls C_DecryptInit with
mechanism CKM_RSA_PKCS and my private key handle. That seems OK.
Then, it invokes C_Decrypt with some bytes (Always the same for the
same mail...128 length), and we try the following:
RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, pData,
keyRSA, RSA_PKCS1_PADDING) where keyRSA its generated with:RSA_new()
and d2i_RSAPrivateKey(...)
(have checked and the private key its correct.Even more, we can sign
with it without issues.)
That code returns the same bytes always (128 length), but Thunderbird
always says "Thunderbird cant decrypt the message".
This appears to be your problem. I have know idea what library you are
using for your primitives (presumably openssl), but it clearly is not
decrypting the key with RSA_PKCS1_PADDING. The expected result should be
something like 24-16 bytes, which should be the symmetric key you
encrypted with.
The code makes me wonder what you are trying to do, however. It looks
more like a 'simulated' smart card. I presume that d2i_RSAPrivateKey
takes the actual private key that matches the public key used by S/MIME.
Presumably the data is stored somewhere and you aren't just
'regenerating a new key'. If you were using a smart card, I would have
expected a card specific APDU call which passes the encrypted data to
the card and got the decrypted data back.
Why this happens?
It appears to be a bug in your code at this point. If you are using the
correct key, and you are using RSA_PKCS1_PADDING, your
RSA_private_decrypt should work.
Must we code C_UnWrapKey function and so to Decrypt, cause Thunderbird
doesnt like our PKCS#11 just does CKM_RSA_PKCS?
Thunderbird is perfectly happy with CKM_RSA_PKCS.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
