Our pkcs#11 is working properly for that scenario (we dont digests, just decrypt, so the key is provided by thunderbird). I suggest u trying opensc pkcs11-spy and check logfiles
On Mon, Mar 10, 2014 at 8:48 AM, Leon Brits <le...@parsec.co.za> wrote: > Hi Robert, > > Thanks for the reply. > > > ...I'm assuming we are talking > > about an RSA operation here and not an symetric key operation like AES or > > DES. > > Yes RSA. > > > Yes, I just checked. We we are unwrapping a key (which is what the > logical > > function RSA Decrypt supports), We check to see if the token support > > unwrap with the target mechanism.... > > We do support the "Unwrap" function and the sequence of function calls in > my original mail is steps after a successful unwrap. I guess thunderbird > now wants to use the unwrapped key to decrypt the email. > > So the question remains: Why if C_DecryptUpdate() is called, is > C_DecryptFinal() not called? If there is only one block then C_Decrypt() > should have been called - right? > > We do implement C_Decrypt(), C_DecryptUpdate() and C_DecryptFinal() (we > have to support PKCS#11 v2.2 and up). > I've verified that the order of the functions (in CK_FUNCTION_LIST) is > correct. C_Sign() works, which is define after C_DecryptFinal(). > > Regards, > LJB > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto