Re: RSA OAEP encryption support in NSS

2008-08-04 Thread David Allan
Thanks for filing it--I've been tied up away from my machine all day today. Dave On Mon, 4 Aug 2008, Nelson Bolyard wrote: > Nelson Bolyard wrote, On 2008-08-03 21:05: >> David Allan wrote, On 2008-08-02 19:43: >> would you like me to file a bug against that? >> >> Yes, please. You can put t

Re: RSA OAEP encryption support in NSS

2008-08-04 Thread Robert Relyea
Nelson Bolyard wrote: Yes, please. You can put this text into the bug report, if you'd like. I just walked through that code again more carefully. It's definitely a bug. It's really a flaw in the design of the private function pk11_ForceSlot. That function can have any of the following outco

Re: RSA OAEP encryption support in NSS

2008-08-04 Thread Nelson Bolyard
Nelson Bolyard wrote, On 2008-08-03 21:05: > David Allan wrote, On 2008-08-02 19:43: > would you like me to file a bug against that? > > Yes, please. You can put this text into the bug report, if you'd like. I filed this bug about the issue: https://bugzilla.mozilla.org/show_bug.cgi?id=449087 _

Re: RSA OAEP encryption support in NSS

2008-08-03 Thread Nelson Bolyard
David Allan wrote, On 2008-08-02 19:43: > >>> PK11_PubWrapSymKey(CKM_RSA_PKCS_OAEP, >>> RSAPublicKey, >>> UnwrappedKey, >>> WrappedKey); >> I'd guess that call failed, right? >> Or are you using some third party PKCS#11 module that implem

Re: RSA OAEP encryption support in NSS

2008-08-02 Thread David Allan
On Sat, 2 Aug 2008, Wan-Teh Chang wrote: Hi Wan-Teh, > This is correct. RSA OAEP is not yet supported by NSS. The > request for this feature is: > https://bugzilla.mozilla.org/show_bug.cgi?id=158747 > > The only workaround is to extract the symmetric key as bytes > (if the key can be extracted)

Re: RSA OAEP encryption support in NSS

2008-08-02 Thread David Allan
Hi Nelson, Thanks for all the info. > As you probably know, the IETF standards for SSL (TLS), including TLS 1.0 > (RFC 2246), TLS 1.1 (RFC 4346), and TLS 1.2 (presently an Internet Draft, > > ), all specify tha

Re: RSA OAEP encryption support in NSS

2008-08-02 Thread Wan-Teh Chang
On Sat, Aug 2, 2008 at 9:12 AM, David Allan <[EMAIL PROTECTED]> wrote: > Hi all, > > I would like to port the client side of a client-server application from > OpenSSL to NSS, but I've hit a snag: > > The client creates a symmetric key, encrypts it with the server's public > key and transmits it to

Re: RSA OAEP encryption support in NSS

2008-08-02 Thread Nelson B Bolyard
David Allan wrote, On 2008-08-02 09:12: > Hi all, > > I would like to port the client side of a client-server application from > OpenSSL to NSS, but I've hit a snag: > > The client creates a symmetric key, encrypts it with the server's public > key and transmits it to the server. The server, o

RSA OAEP encryption support in NSS

2008-08-02 Thread David Allan
Hi all, I would like to port the client side of a client-server application from OpenSSL to NSS, but I've hit a snag: The client creates a symmetric key, encrypts it with the server's public key and transmits it to the server. The server, over which I have no control, expects the key to be en