Pierre wrote:
> I have an EncryptedPrivateKeyInfo (epki) object created with the > PK11_ExportEncryptedPrivateKeyInfo NSS function. > This epki object was created with PBE_SHA1_DES_CBC algo and a > password. > > We are trying to decrypt this epki to get the PrivateKeyInfo object > but the decryption function doesn't seems to return a valid > PrivateKeyInfo (It doesn't look like an asn1 structure) > > Our decrytion function is ok because it decrypt a epki sample from > "RSA Security". What are you using to generate your PBE? PBE_SHA1_DES_CBC uses pkcs 5 v1, not pkcs 12 or pkcs 5 v2. > > So what's wrong ? > > - Did the PK11_ExportEncryptedPrivateKeyInfo function from the NSS > library return a valid PKCS8 structure ? Yes, it should. > - Are the SHA1 and DES algorithms implementation standard inside the > NSS ? Yes, they are implemented in the softoken. > - Did someone succeed to decrypt a epki object ouside the NSS ? The reverse is true, that is NSS has been able to decrypt epki objects from outside using PBE_SHA1_DES_CBC. (OpenSSL keys have been imported into NSS using PKCS #12 DES). NSS successfully exports PKCS #12 files to openSSL and EI using triple-DES. bob > > Any help welcome ! >
