於 2014/7/17 上午 06:41, Robert Relyea 提到:
On 07/15/2014 08:05 PM, Chuck Lee wrote:
Yes, but it doesn't work because it also calls
PK11_ExportPrivKeyInfo() to get the RSA private key info.
Now I am trying to decrypt key exported by
PK11_ExportEncryptedPrivKeyInfo() with method
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 directly, which seems
to be the most simple method to decrypt.
Hmm, 1) are you sure you used that method to export the key? It's not
a very strong algorithm, the PKCS #12 files use it to wrap the
certificate, not the key itself. 2) If you want to decrypt, you need
to use that method to generate a PBE key and use it to export.
bob
Since the goal is get RSA private key out of NSS for wpa_supplicant, and
the RSA key is encrypted by PK11_ExportEncryptedPrivKeyInfo() in PKCS#12
format.
I choose the algorithm which is eaiest to decrypt into RSA format.
I have done it yesterday [1], PBE key is generated by SHA-1 using
nsICryptoHash, then write a RC4 functioin to decrypt the key.
[1]
https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=1012549&attachment=8456726
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
