Robert,

Thanks for your time.

> cmscipher does call DecryptUpdate, but for the symmetric portion, not the
> asymmetric portion. We were talking about key unwrapping/decrypt in RSA.
> This is clearly a symmetric operation (DES3 or AES or something).

Ok. Sorry if I misunderstood and gave the incorrect answer.

> Looks like you are trying to use a PAD mechanism when NSS requested a CBC
> mechanism. In the CBC mechanism NSS will always ask for even number of
> blocks and expect to get back all the blocks. In the PAD mechanism, the
> PKCS #11 module needs to hold back one block in order to handle padding
> correctly.

I simply provide the PKCS11 interface; Thunderbird must decide which PKCS#11 call to do. In Thunderbird I encrypted a message and now I want to decrypt it on another machine with Thunderbird. I only told Thunderbird which RSA certificate is used as the targeted party. So if Thunderbird now wants to decrypt, it should know what it did and make the right PKCS#11 calls. I got the DecryptUpdate() call, which means Thunderbird must call DecryptFinal() at some point (IMO).

> Can't call decrypt here, because I probably have more blocks coming.
> This is encrypting the email message, so it's streaming.

It is decrypting.

> The fundamental issue here is you are probably trying to do more than you
> need to if you just want a signing/decryption token. You don't need to
> implement the symmetric algorithms, so if you just implement decrypt
> (rather than unwrap), NSS will use its internal implementation to do the
> symmetric operations.
>
> If you are trying to build a full replacement (because you are managing
> the keys in your token or something), then you need to return all the
> blocks requested when doing a CBC operation (rather than a CBC_PAD
> operation).

We do have a VERY complete implementation of RSA, DSA, DH, EC, wrap/unwrap, en/decrypt, sign/verify and derivation on our device. We expose this all via PKCS#11 v2.2 and up.

And for them all, if you call DecryptUpdate() then you must call DecryptFinal(). As far as I know this is the standard. Please correct me if I am wrong.

Regards,
LJB
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
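The CBC versus CBC_PAD output accounting discussed in this thread, as an added example that is not part of the original message and is not NSS or vendor code. The `dec_ctx` type, the `dec_*` functions and the XOR stand-in for the block cipher are hypothetical; only the buffering behaviour is the point.

```c
#include <stddef.h>
#include <string.h>
#define BLK 8  /* block size, 8 as for DES3 (assumption for this demo) */

/* Hypothetical streaming-decrypt context, not a real PKCS #11 structure. */
typedef struct {
    int pad;                 /* 0 = CBC-style, 1 = CBC_PAD-style */
    unsigned char held[BLK]; /* plaintext block withheld in PAD mode */
    int have_held;
} dec_ctx;

/* Stand-in for the real block decryption: XOR with a constant, NOT a cipher. */
static void dec_block(const unsigned char *in, unsigned char *out) {
    for (int i = 0; i < BLK; i++) out[i] = in[i] ^ 0x5A;
}

/* Plays the role of C_DecryptUpdate; in_len is a multiple of BLK. Returns bytes written. */
size_t dec_update(dec_ctx *c, const unsigned char *in, size_t in_len, unsigned char *out) {
    size_t n = 0;
    for (size_t off = 0; off + BLK <= in_len; off += BLK) {
        if (c->pad) {   /* release the block held earlier, hold back the newest one */
            if (c->have_held) { memcpy(out + n, c->held, BLK); n += BLK; }
            dec_block(in + off, c->held);
            c->have_held = 1;
        } else {        /* CBC: every requested block comes back immediately */
            dec_block(in + off, out + n);
            n += BLK;
        }
    }
    return n;
}

/* Plays the role of C_DecryptFinal. Returns bytes written, (size_t)-1 on bad padding. */
size_t dec_final(dec_ctx *c, unsigned char *out) {
    if (!c->pad) return 0;               /* CBC: nothing was held back */
    if (!c->have_held) return (size_t)-1;
    unsigned p = c->held[BLK - 1];       /* PKCS #7 style pad length */
    if (p < 1 || p > BLK) return (size_t)-1;
    for (unsigned i = 0; i < p; i++)
        if (c->held[BLK - 1 - i] != p) return (size_t)-1;
    memcpy(out, c->held, BLK - p);
    c->have_held = 0;
    return BLK - p;
}

int main(void) {  /* constructed input: a single block that is all padding */
    unsigned char ct[BLK], out[BLK]; dec_ctx c = {1, {0}, 0};
    memset(ct, BLK ^ 0x5A, BLK);
    return !(dec_update(&c, ct, BLK, out) == 0 && dec_final(&c, out) == 0);
}
```

A caller that opened a CBC operation and receives fewer bytes than it passed in is seeing the PAD-style hold-back from the first branch of `dec_update`.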