Robert Relyea wrote:
Ken wrote:
2008/11/15 Robert Relyea <[EMAIL PROTECTED]>:
NZzi wrote:
Robert Relyea wrote:
NZzi wrote:
hi all:

I want to use private key to encrypt a message,
and decrypt with public key.
Are you encrypting data or a symmetric Key?
Most of the nss code that does these operations does so on actual
symmetric keys (which are then used to do additional
encryption/decryption/macing).
In that case they are using the PK11_PubWrapSymKey() and
PK11_PubUnwrapSymKey().
If I use symmetric key to encrypt a license and use private key
to encrypt the symmetric key,  other people can have my public
key.
Yeah, it's an unfortunate name. The Pub in PubWrapSymKey means 'Public Key
Cryptography', not PublicKey. It's really the private key. It was written
before we started standardizing on separating Public and Private in the
function name.



But I must guarantee the integrity of license and forbid it from
regenerating or modifying.

No matter what key (public or private) is used to wrap
the symkey, if someone hacks the program to get the
unwrapped symkey (e.g. from memory), he can modify
and regenerate the license to pass the validation.

So I just want to use private key to encrypt the license,
decrypt and validate it using public key.
OK, so you are doing a signing operation, not a key exchange or encryption. (the symmetric key only applies to the decryption issue). In doing crypto, it's important to understand what your high level goal is before you can apply the appropriate primitives. In this case it sounds like you aren't really making data unreadable, you are simply making sure the data is the correct data (that is the license is valid).
The reason I don't use SGN_*() is I need to recover the
content of license. I tried the PK11_VerifyRecover(),
but got 8192 error, so I'm not sure PK11_VerifyRecover()
can recover the content of license signature, signed
by PK11_Sign(private_key,...)?
Typically you include the data you are signing in the clear along with the signature. The license content can't be a secret, or your scheme is broken (anyone can get it if you 'encrypt' it with your private key). If you just use the RSA encrypt, you are definitely tying yourself to RSA (no possibility of using some other signing algorithm, which requires you to possess knowledge of what it is you are trying to sign before you actually verify). If you are trying to match some existing system, then you are pretty much stuck with RSA anyway, but if you are building this on your own, then consider including the data outside the signature. You'll thank me later;).

That being said, PK11_VerifyRecover should work. The most likely reasons for it not working include: 1) the public key you decrypt with doesn't match the private key you encrypted with, 2) the signed data is corrupted in some way. What does your code sample look like?


Yeah, in order to get the "real reason" of the problem, I had to
compile NSS from source and debug my program with NSS code, then
I found why I got the 8192 error. It's because of the "length thing" of
data and signed data.

I think Chang's current work on the docs is great; detailed docs about the
NSS API (each level, including PKCS#11, Crypto Wrapper, etc.) will
help people like me (who know basic cryptography, but are not good
at it) a lot.

anyway, thanks very much




bob


------------------------------------------------------------------------

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
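
The two layouts discussed in this thread, as an added Python example that is not part of the original messages and is not NSS code: a signature with message recovery, whose payload is limited by the RSA modulus length, and a license kept in the clear with a signature over its hash. The function names and the demo key (built from two known Mersenne primes, insecure on purpose) are constructed for illustration.

```python
# Added illustration: textbook RSA with PKCS#1 v1.5 type-1 (signature) padding.
# The key below is constructed from known Mersenne primes and is NOT secure.
import hashlib

P, Q = 2**521 - 1, 2**607 - 1          # constructed demo key material
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141 here)

def sign_recoverable(payload: bytes) -> bytes:
    """'Encrypt with the private key': the payload is embedded in the signature."""
    if len(payload) > K - 11:          # padding needs 00 01, at least 8 x FF, 00
        raise ValueError(f"payload is {len(payload)} bytes, limit is {K - 11}")
    block = b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def verify_recover(sig: bytes) -> bytes:
    """Public-key operation: check the padding and return the embedded payload."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        raise ValueError("signature length must match the modulus length")
    block = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    sep = block.find(b"\x00", 2)       # separator between padding and payload
    if block[:2] != b"\x00\x01" or sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding: wrong key or corrupted signature")
    return block[sep + 1:]

def make_license(text: bytes):
    """License travels in the clear; only its SHA-256 digest is signed."""
    # Simplification: real RSA signatures wrap the digest in a DigestInfo prefix.
    return text, sign_recoverable(hashlib.sha256(text).digest())

def check_license(text: bytes, sig: bytes) -> bool:
    """True only if sig recovers to the digest of the text we were given."""
    try:
        return verify_recover(sig) == hashlib.sha256(text).digest()
    except ValueError:
        return False
```

With the recoverable form the license text can never exceed `K - 11` bytes and the format is tied to RSA; with the clear-text form the license can be any length and the signature algorithm can be replaced later.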
