On 03/17/2011 11:33 AM, Superpacko wrote:
> On 17 mar, 15:20, Robert Relyea <rrel...@redhat.com> wrote:
>> On 03/16/2011 01:54 PM, Superpacko wrote:
>>> Hi, I'm working on software that uses GPG as a Key Manager but leaves
>>> the encryption operations to NSS. I'm having a hard time trying to
>>> figure out how to import GPG's public and private keys in NSS.
>>> GPG stores the keys in "PKT_public_key" and "PKT_private_key"
>>> structures, both have a "MPI pkey[PUBKEY_MAX_NPKEY];" which is what I
>>> need to import in NSS if I'm not wrong.
>> What does the full struct look like, and what is the length of
>> PUBKEY_MAX_NPKEY?
> #define PUBKEY_MAX_NPKEY  4
>
>     MPI     pkey[PUBKEY_MAX_NPKEY];
> } PKT_public_key;
>
> This is the struct. GPG stores the data in the MPI structures that are
> used in Lybcrypt.
Did you really mean 'lybcrypt' or did you mean 'libcrypt' or
'libgcrypt'? What you need is documentation for how the key is really
stored in this object.
>  I found out that NSS has these functions:
>
> SECKEYPublicKey* SECKEY_ImportDERPublicKey(SECItem *derKey,
> CK_KEY_TYPE type); //with CKK_RSA
>
> SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot,  SECItem
> *derPKI, SECItem *nickname,  SECItem *publicValue, PRBool isPerm,
> PRBool isPrivate,  unsigned int usage, void *wincx);
>
> SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
> SECItem *derPKI, SECItem *nickname, SECItem *publicValue, PRBool
> isPerm, PRBool isPrivate,
>   unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
These functions are taking DER encoded data. DER encoded data are not
strings. You will need a pointer and a length. I would be surprised if
the data in MPI is DER encoded without anything else. Getting DER from
the MPI structure is probably your best bet if you can find the
appropriate call in your crypto library.

> I'm assuming that I can pass this MPI's data as char* and store it in a
> SECItem like:
> SECItem derKey;
> derKey.type = siBuffer;
> derKey.data = (unsigned char*)key;
>
> and then pass it to the import function. What do you think about this?
You are missing derKey.len

bob


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
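
Added example (not part of the thread and not NSS or GPG code): the reply's point that DER is a pointer plus a length, not a string, shown by encoding a raw big-endian RSA modulus and exponent as the PKCS#1 RSAPublicKey form, SEQUENCE { INTEGER n, INTEGER e }. It assumes the magnitude bytes have already been extracted from the MPIs, and that this is the DER form the import call expects for CKK_RSA; the function names and toy values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* DER length octets: short form below 0x80, else long form (up to 0xFFFF). */
static size_t der_len(unsigned char *out, size_t n) {
    if (n < 0x80) { out[0] = (unsigned char)n; return 1; }
    if (n < 0x100) { out[0] = 0x81; out[1] = (unsigned char)n; return 2; }
    out[0] = 0x82; out[1] = (unsigned char)(n >> 8); out[2] = (unsigned char)n; return 3;
}

/* Unsigned big-endian magnitude -> DER INTEGER (minimal, kept positive). */
static size_t der_uint(unsigned char *out, const unsigned char *mag, size_t n) {
    size_t pad, off = 1;
    while (n > 1 && mag[0] == 0) { mag++; n--; }  /* drop leading zero bytes */
    pad = (n == 0 || (mag[0] & 0x80)) ? 1 : 0;     /* 0x00 prefix if high bit set */
    out[0] = 0x02;
    off += der_len(out + off, n + pad);
    if (pad) out[off++] = 0x00;
    if (n) memcpy(out + off, mag, n);
    return off + n;
}

/* SEQUENCE { INTEGER n, INTEGER e }; returns the DER length, 0 on size error. */
size_t rsa_pub_to_der(unsigned char *out, size_t cap, const unsigned char *n,
                      size_t nlen, const unsigned char *e, size_t elen) {
    unsigned char body[1100], hdr[4] = { 0x30 };
    if (nlen > 512 || elen > 512) return 0;
    size_t blen = der_uint(body, n, nlen);
    blen += der_uint(body + blen, e, elen);
    size_t hlen = 1 + der_len(hdr + 1, blen);
    if (hlen + blen > cap) return 0;
    memcpy(out, hdr, hlen);
    memcpy(out + hlen, body, blen);
    return hlen + blen;
}

/* Constructed toy values (not a real key); the modulus has its high bit set. */
static const unsigned char demo_n[] = { 0xC3, 0x00, 0x51, 0x0B };
static const unsigned char demo_e[] = { 0x01, 0x00, 0x01 };
static unsigned char demo_buf[64];

size_t demo_encode(void) {
    return rsa_pub_to_der(demo_buf, sizeof demo_buf, demo_n, 4, demo_e, 3);
}

int main(void) {
    size_t len = demo_encode();  /* this, not strlen(), is what goes in derKey.len */
    printf("DER length %zu, strlen %zu\n", len, strlen((char *)demo_buf));
    return 0;
}
```

The padding byte added to keep the modulus positive is a zero inside the encoding, so any string-style length would stop short of the real end of the buffer.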
