Brian Hawkins wrote:
I would like to use a block cipher to encrypt some data using a shared secret. It doesn't appear that nss provides access to the low level cipher suite, is that true? I cannot use public/private keys for my encryption because of a design issue. Is there any way to sign and encrypt data using a shared key?The PK11_ functions handle the basic crypto functionality. When dealing with raw shared keys, there's often the issue that applications try to manipulate these keys directly. This can be make to work in NSS, but your application will fail if you try to operate in FIPS mode.
The big question, then, is how are you distributing the keys? If you are typing hex strings or copying files of raw keys around, then things are a bit problematic. If the shared key is generated with a pbe, things are better, and can usually be accommodated in FIPS mode.
So the short answer is yes, you can do what you are asking, but if you need to use a raw key interface, then you need to ask yourself if you have a more fundamental design issue.
Hope that helps, bob
Thanks _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
