Graham Leggett wrote:
Yes, PK11_CipherOp is for updating a running cipher. PK11_DigestOp updates a digest (the former returns bytes as you encipher them, the latter just updates and the result is fetched from final.Hi all,I am trying to port some symmetrical encryption / decryption code using OpenSSL's EVP_CipherUpdate function to NSS, and I am running into trouble trying to find the API documentation for NSS.So far, the closest to documentation that I have found is a list of the API functions, but none of these functions are in themselves documented. Most specifically, I need to know what #include files are required fo r each function, as my attempts at guessing have been unsuccessful.http://developer.mozilla.org/en/NSS_functionsSo far it looks like PK11_CipherOp is the corresponding function that I need to use. Is this correct?
Both take a context which are created by one of the PK11_CreateContext calls. (for ciphers it's PK11_CreateContextBySymKey()).
That would be PK11_ImportSymKey(). NOTE: this function is available mostly for compatiblity, it will not work in all cases (hardware tokens, for instance, do not like to accept random key material. FIPs devices (including softoken) will also choke on this function). In general if you have raw key bytes lying around in your application, you need to rethink how your application is doing crypto.How do I set up the symmetrical key, cipher and digest for PK11_CipherOp to replace the OpenSSL EVP_BytesToKey function?
Ideally you should get the Bytes for your key as follows:Dervie it: use PK11_DeriveKey to create a new key from and existing key, DH-key pair, or a password.
Unwrap it: unwrap the key using another key or an RSA key.Generate it: PK11_GenerateKey creates a new key. You can use PK11WrapKey to export it to pass to someone else.
Anyway PK11_ImportSymKey() will get you working, but longer term you will want to push more of the crypto logic out of your application and into NSS.
I have managed to find references to some test cases that contain code, but the test cases aren't documented either, and the variable names yield few clues as to what each field is used for.Is there a set of documentation I am missing? Regards, Graham -- ------------------------------------------------------------------------ _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
