On 07/29/2013 06:00 PM, John wrote:
Hi,

Is it possible to import a symmetric key such that it is persisted in the
database?
Short answer: use PK11_ImportSymKeyWithFlags().
Set flags=0, and isPerm to PR_TRUE.

Longer answer:
NOTE: neither PK11_ImportSymKey() nor PK11_ImportSymKeyWithFlags() work in FIPS mode. You'll need to unwrap the key with some private or symmetric key. If you use a symmetric key to unwrap, you can use PK11_UnwrapSymKeyWithFlagsPerm(); if you use a private key, you can use PK11_PubUnwrapSymKeyWithFlagsPerm().

NOTE2: the 'Perm' only means you can specify isPerm or not, so you can use these functions as replacements for PK11_UnwrapSymKey() and PK11_PubUnwrapSymKey() respectively.

bob


  I have tried the following.

#include <iostream>
#include <nss.h>
#include <pk11pub.h>

using namespace std;

// Assumed: NSS has already been initialised read-write on the key database
// (NSS_InitReadWrite) before this runs.
int main()
{
    unsigned char secret[] = {0xe8, 0xa7, 0x7c, 0xe2, 0x05, 0x63, 0x6a, 0x31};
    char nickname[] = "MySymKey";   // PK11_ListFixedKeysInSlot wants a char*
    SECItem key;
    PK11SymKey *symKey = NULL;
    PK11SymKey *found = NULL;       // list returned by PK11_ListFixedKeysInSlot
    SECStatus rv;

    key.type = siBuffer;
    key.data = secret;
    key.len = sizeof(secret);

    // All variables are declared above so the gotos do not jump over an
    // initialisation, which C++ rejects.
    PK11SlotInfo *slot = PK11_GetInternalKeySlot();

    // Import key.
    symKey = PK11_ImportSymKey(slot, CKM_DES_CBC, PK11_OriginUnwrap,
                               CKA_ENCRYPT, &key, NULL);
    if (!symKey)
    {
         cout << "Failed to import key" << endl;
         goto shutdown;
    }

    // Assign nickname to key.
    rv = PK11_SetSymKeyNickname(symKey, nickname);
    if (rv != SECSuccess)
    {
         cout << "Couldn't set name on key" << endl;
         PK11_DeleteTokenSymKey(symKey);
         goto shutdown;
    }

    // Check if key was imported.
    found = PK11_ListFixedKeysInSlot(slot, nickname, NULL);
    if (found == NULL)
    {
         cout << "Failed to find key" << endl;
         goto shutdown;
    }

shutdown:
    // Free every node of the key list, then the imported handle and the slot.
    while (found)
    {
         PK11SymKey *next = PK11_GetNextSymKey(found);
         PK11_FreeSymKey(found);
         found = next;
    }
    if (symKey) PK11_FreeSymKey(symKey);
    if (slot) PK11_FreeSlot(slot);
    NSS_Shutdown();
    return 0;
}

PK11_ListFixedKeysInSlot returns NULL and the timestamp on key4.db remains
unchanged, indicating the key was not imported into the database.

Thanks,
John



--
View this message in context: 
http://mozilla.6506.n7.nabble.com/Importing-a-symmetic-key-into-NSS-database-tp286642.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
