bob
Yes, I think the encryption algo is in the SoftTok. "C_EncryptUpdate" is
called.
http://mxr.mozilla.org/mozilla1.9.1/source/security/nss/lib/pk11wrap/pk11cxt.c#670
not cool...
ah I'm stupid, that still doesn't mean the algorithm/mechanism is
inside the token. I don't know if C
On 12/07/2009 12:13 PM, Marc Kaeser wrote:
> Hello Bob
>
>
> Robert Relyea schrieb:
>> On 11/28/2009 11:49 PM, Marc Kaeser wrote:
>>> Dear NSS gurus, what do you think, would it really be a bad idea to
>>> use the key from another token, but still use the internal token to
>>> encrypt? When SDR is
Hello Bob
Robert Relyea schrieb:
On 11/28/2009 11:49 PM, Marc Kaeser wrote:
Dear NSS gurus, what do you think, would it really be a bad idea to
use the key from another token, but still use the internal token to
encrypt? When SDR is called, I could check if the token I want to use
also provide
On 11/28/2009 11:49 PM, Marc Kaeser wrote:
> Dear NSS gurus, what do you think, would it really be a bad idea to
> use the key from another token, but still use the internal token to
> encrypt? When SDR is called, I could check if the token I want to use
> also provides the encryption mechanism I n
Dear NSS gurus, what do you think, would it really be a bad idea to use
the key from another token, but still use the internal token to encrypt?
When SDR is called, I could check if the token I want to use also
provides the encryption mechanism I need. If it doesn't, I could use the
internal to
Sorry I didn't find time to read your answers before today. But thanks,
your explanations help me a lot! I guess it's always difficult to figure
out all dependencies in the beginning, one has to know many puzzle
peaces to see what the final picture could look like ^^
Robert Relyea schrieb:
if I understand well, pk11sdr.c creates a pk11context which tells which
mechanism and which key to use.
Then it calls PK11_CipherOp with that context, and a CKA_ENCRYPT set.
PK11_CipherOp sees "aha, it's a CKA_ENCRYPT, so I must do an encryption
of mechanism "type" and a key (handle, or key data
C_EncryptUpdate
:,-(
I don't know if my TPM or TSS implements that, yet...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
thanks a lot, now that you explain it again that clearly, I can see the
difference. Somehow, I had in mind that those "crypting-objects" are
wire-hard-coded, that the soft-toks just emulates some hardware, and
that you just could forward your requests to that hard-coded logic, and
get some answ
Sorry I didn't find time to read your answers before today. But thanks,
your explanations help me a lot! I guess it's always difficult to figure
out all dependencies in the beginning, one has to know many puzzle
peaces to see what the final picture could look like ^^
Robert Relyea schrieb:
>
thanks a lot, now that you explain it again that clearly, I can see the
difference. Somehow, I had in mind that those "crypting-objects" are
wire-hard-coded, that the soft-toks just emulates some hardware, and
that you just could forward your requests to that hard-coded logic, and
get some answ
thanks a lot, now that you explain it again that clearly, I can see the
difference. Somehow, I had in mind that those "crypting-objects" are
wire-hard-coded, that the soft-toks just emulates some hardware, and
that you just could forward your requests to that hard-coded logic, and
get some answ
On 2009-11-24 13:00 PST, Marc Kaeser wrote:
> Are there unpersistant keys in a token? I'll also look for that point in
> the specs.
Yes, in the PKCS#11 model, *ALL* objects (key objects, cert objects, etc.)
live in tokens. All crypto engines live in tokens, too, at least conceptually.
Some obj
> Thank you for your help, I'll answer directly into your answers, too:
>
> Robert Relyea schrieb:
>
>>>
>>> If I remember well, the PKCS11 specs tell that there's exactly 1
>>> crypto-object per token (soft or hardware).
>>
>> FALSE- A token can and does regularly have multiple crypto-objects
>> a
Thank you for your help, I'll answer directly into your answers, too:
Robert Relyea schrieb:
If I remember well, the PKCS11 specs tell that there's exactly 1
crypto-object per token (soft or hardware).
FALSE- A token can and does regularly have multiple crypto-objects
active at any given tim
> Dear newsgroup,
>
> Could you please give me a hand? I've got a problem understanding the
> relationship between physical/logical reader, slot, token, and
> PK11SlotInfo, NSSToken, PKCS11-Object, Symkeys, Secret keys, fixed
> keys, in NSS's PKCS11 implementation.
> Please just put a "true" or "fa
Dear newsgroup,
Could you please give me a hand? I've got a problem understanding the
relationship between physical/logical reader, slot, token, and
PK11SlotInfo, NSSToken, PKCS11-Object, Symkeys, Secret keys, fixed keys,
in NSS's PKCS11 implementation.
Please just put a "true" or "false" afte
17 matches
Mail list logo
