I'm creating shared keys using an anonymous Diffie-Hellman key exchange.
The shared secret will be used to create key block material similar to how
TLS does it.  So what I need is a method to create a cipher, provide a key
and encrypt/decrypt some data.  All the methods in NSS look like they use
public/private keys to decrypt/encrypt stuff.

Based on what you have said it looks like I need to create a PK11SymKey and
use it right?

Thanks
Brian

On 6/3/07, Robert Relyea < [EMAIL PROTECTED]> wrote:
>
> Brian Hawkins wrote:
> > I would like to use a block cipher to encrypt some data using a shared
> > secret.  It doesn't appear that NSS provides access to the low level
> > cipher suite, is that true?  I cannot use public/private keys for my
> > encryption because of a design issue.  Is there any way to sign and
> > encrypt data using a shared key?
> >
> The PK11_ functions handle the basic crypto functionality.  When dealing
> with raw shared keys, there's often the issue that applications try to
> manipulate these keys directly. This can be made to work in NSS, but
> your application will fail if you try to operate in FIPS mode.
>
> The big question, then, is how are you distributing the keys? If you are
> typing hex strings or copying files of raw keys around, then things are
> a bit problematic. If the shared key is generated with a PBE, things are
> better, and can usually be accommodated in FIPS mode.
>
> So the short answer is yes, you can do what you are asking, but if you
> need to use a raw key interface, then you need to ask yourself if you
> have a more fundamental design issue.
>
> Hope that helps,
>
> bob
> > Thanks
> > _______________________________________________
> > dev-tech-crypto mailing list
> > [email protected]
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
> >
>
>
>
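
The derivation described in the message above (a Diffie-Hellman shared secret expanded into key block material the way TLS does it), as an added example that is not part of the original thread and is not NSS code. It assumes the TLS 1.2 PRF from RFC 5246 with HMAC-SHA256; the function names, nonces and key sizes are illustrative, and it handles raw key bytes, which is the pattern the quoted reply says fails in NSS FIPS mode.

```python
import hashlib
import hmac
from typing import NamedTuple

# Constructed sample inputs: a stand-in DH shared secret and per-side nonces.
SAMPLE_SECRET = bytes(range(32))
SAMPLE_CLIENT_NONCE = b"C" * 32
SAMPLE_SERVER_NONCE = b"S" * 32


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


class KeyBlock(NamedTuple):
    client_mac: bytes
    server_mac: bytes
    client_key: bytes
    server_key: bytes
    client_iv: bytes
    server_iv: bytes


def derive_key_block(shared_secret: bytes, client_nonce: bytes,
                     server_nonce: bytes, mac_len: int = 32,
                     key_len: int = 16, iv_len: int = 16) -> KeyBlock:
    """Expand a shared secret into separate per-direction MAC keys, cipher keys and IVs."""
    # Step 1: condense the DH output into a fixed 48-byte master secret.
    master = prf(shared_secret, b"master secret",
                 client_nonce + server_nonce, 48)
    # Step 2: expand the master secret into the key block (server nonce first).
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    block = prf(master, b"key expansion",
                server_nonce + client_nonce, sum(sizes))
    # Step 3: slice the block in the fixed TLS order.
    parts, offset = [], 0
    for size in sizes:
        parts.append(block[offset:offset + size])
        offset += size
    return KeyBlock(*parts)
```

Both sides run `derive_key_block` with the same secret and nonces and obtain identical keys; each direction then uses its own MAC key (for example with HMAC) and cipher key, so no key is shared between directions.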