hi,
I did found that the CKA_SENSITIVE is "true" by using the following code:
rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey, CKA_SENSITIVE,
&value);
if (rv != SECSuccess) {
NSSUtilLogger.msg(ERROR, "Failed to read CKA_SENSITIVE attribute from
private key.");
> In the first call you need to return a value at least big enough to hold the
> decrypted data. 128 bytes (size of encrypted data) is big enough for RSA.
> This isn't ideal, however. You keep saying the data is 24 bytes, but that's
> not a given, it's only true in the case you were talking. If you
hi,
On Jan 26, 2012, at 6:28 PM, Robert Relyea wrote:
> On 01/26/2012 05:08 AM, weizhong qiang wrote:
>> hi,
>> Is there a fact that nss does not permit the reading of the attribute
>> CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
>> Because with all of the eight attributes, it is possible to compos
On 01/26/2012 05:08 AM, weizhong qiang wrote:
hi,
Is there a fact that nss does not permit the reading of the attribute
CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
Because with all of the eight attributes, it is possible to compose the content
of the private key, but the outputting of private key
On 01/26/2012 07:55 AM, weizhong qiang wrote:
On Jan 26, 2012, at 4:44 PM, helpcrypto helpcrypto wrote:
AFAIK, returning or not the attributes from an object, depends on the token.
Everything I am operating is on the nss internal softoken.
Right softoken enforces good hygiene.
In truth, acce
On 01/26/2012 12:04 AM, helpcrypto helpcrypto wrote:
Robert Relyea wrote:
Sorry my bad, I wasn't clear. The double decrypt happens in the case where
you first call C_Decrypt with pData = NULL. In that case you can return 128
instead of decrypting the data just to get the length. In the case wher
On Jan 26, 2012, at 4:44 PM, helpcrypto helpcrypto wrote:
> AFAIK, returning or not the attributes from an object, depends on the token.
Everything I am operating is on the nss internal softoken.
> I recommend you reading about CKO_PRIVATE_KEY on PKCS#11 standard to
> understand what can be ha
AFAIK, returning or not the attributes from an object, depends on the token.
I recommend you reading about CKO_PRIVATE_KEY on PKCS#11 standard to
understand what can be happening.
For example if token=card, CKA_PRIME_1 *musnt* be on the card, as far
is not *needed* to do cryptographic operations.
hi,
Is there a fact that nss does not permit the reading of the attribute
CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
Because with all of the eight attributes, it is possible to compose the content
of the private key, but the outputting of private key is not allowed in nss?
Thanks and Best Regards
The rv value gives SECFailure.
Thanks
在 2012-1-26 下午5:29,"helpcrypto helpcrypto" 写道:
> my mistake. i mean the RV value
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
dev-tech-crypto@li
my mistake. i mean the RV value
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Hi,
It gives number 123, which is the type CKA_PRIVATE_EXPONENT.
Thanks
Weizhong qiang
在 2012-1-26 下午4:43,"helpcrypto helpcrypto" 写道:
> Is eny error shown at NSSUtilLogger.msg(ERROR, "Failed to read
> attribute %x from private key.", type); ?
>
> El día 25 de enero de 2012 17:04, weizhong qiang
>
Is eny error shown at NSSUtilLogger.msg(ERROR, "Failed to read
attribute %x from private key.", type); ?
El día 25 de enero de 2012 17:04, weizhong qiang
escribió:
> hi all,
> I tried to get the attributes from a private key (see the following code
> piece). But only the CKA_MODULUS and CKA_PUBL
Ashok Subash wrote:
> Hi Brian,
>
> We have made some progress. We could statically build nss and link on
> our platform.
Do you mean statically link NSS into Firefox? If so, there are several gotchas
that need to be taken into account. See Wan-Teh's patch at
https://bugzilla.mozilla.org/show_b
> Robert Relyea wrote:
> Sorry my bad, I wasn't clear. The double decrypt happens in the case where
> you first call C_Decrypt with pData = NULL. In that case you can return 128
> instead of decrypting the data just to get the length. In the case where
> C_Decrypt is called with pData != NULL, you
15 matches
Mail list logo
