Graham Leggett wrote:
Ah, It's a PBE algorithm. That is a perfectly acceptable way of getting a key. The equivalent function in NSS is PK11_PBEKeyGen which takes a slot, algid, password, Bool (which should always be FALSE), and a password arg (for authenticating to the slot - should match your GetPassword Function).Robert Relyea wrote:"Newer applications should use more standard algorithms such as PKCS#5 v2.0 for key derivation."I am assuming NSS supports PKCS#5 v2, what functions should I be looking at to achieve this?
You can use PK11_CreatePBEV2AlgorithmID or PK11_CreatePBEAlgorithmID to create your algid. The former allows you to completely specify a PKCS #5 v2 algorithm, the latter will create a PKCS #5 v2 implicitly if you pass a symmetric algorithm instead of a PBE (otherwise it will create a PKCS 5 v2or PKCS 12 PBE, depending on the algid).
You probably don't need it for your application, but the resulting algid can be der encoded and passed to a recipient, who would then use it to determine what PBE type to use to recreate a key.
bob
Regards, Graham -- ------------------------------------------------------------------------ _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
