On Fri, 04 Apr 2003 20:06:52 -0800, Nelson Bolyard wrote:
> Allan Beaufour Larsen wrote:
>> I'm having trouble using PK11_PubDecryptRaw/PK11_PubEncryptRaw. I pass
>> both functions raw data which is the same size as the key modulus, but it
>> doesn't work all the time.
>
> What do you mean by "it doesn't work"?

Okay, fair enough. I wasn't too clear about that...

> Does some function return results you didn't expect?
> What function? What result?
> Did the function return something other than SECSuccess?
> If so, what value was returned by PR_GetError()?

It returns SECSuccess all the time, but from time to time either encryption or decryption doesn't work properly, i.e. decrypt(encrypt(P)) != P. If I understand you right, the PubDecryptRaw/PubEncryptRaw functions always return something that is equal to or smaller than the modulus (given that they receive data that is smaller than the modulus)? My data (the nonce, see below) is always == modulus size.

> > Can someone give me a simple example of how to "do it right"?
>
> User data is not typically encrypted directly with RSA encryption.

Maybe it needs some explanation. I'm building an application where one entity, A, needs to authenticate itself to another entity, B. The way I'm doing it is to send a nonce from B to A, A encrypts the nonce with her private key and returns it to B, B then verifies it by decrypting it with A's public key (eventually supplied in a certificate). Very classical approach, as I see it. I want to save as much power as possible, both regarding computation and transmission. That's why I just want to do a raw encrypt/decrypt. That's also my reason for not just using SSL, besides the point that cleartext communication is fine by me.

Regards,
Allan
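An added illustration, not part of the original message and not NSS code: textbook RSA arithmetic in Python with a constructed toy key, showing one arithmetic reason a raw round trip on a modulus-sized block can fail, namely that the block read as an integer is not below the modulus. All function names and the key are assumptions made for the example.

```python
# Added illustration: textbook (unpadded) RSA, standard library only.
# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes (19 here)


def _raw(block: bytes, exponent: int) -> bytes:
    """Raw RSA: read the block as a big-endian integer, exponentiate mod N."""
    if len(block) != K:
        raise ValueError("block must be exactly the modulus length")
    return pow(int.from_bytes(block, "big"), exponent, N).to_bytes(K, "big")


def raw_private(block: bytes) -> bytes:   # A's step in the exchange
    return _raw(block, D)


def raw_public(block: bytes) -> bytes:    # B's step in the exchange
    return _raw(block, E)


def in_range(block: bytes) -> bool:
    """A K-byte block is only recoverable if its integer value is below N."""
    return int.from_bytes(block, "big") < N


def round_trips(nonce: bytes) -> bool:
    return raw_public(raw_private(nonce)) == nonce


def clamp_nonce(random_bytes: bytes) -> bytes:
    """Zero the leading byte: the value is then < 2**(8*(K-1)) <= N."""
    return b"\x00" + random_bytes[1:]


def share_out_of_range() -> float:
    """Fraction of all K-byte strings whose integer value is >= N."""
    return 1 - N / 2 ** (8 * K)


if __name__ == "__main__":
    bad = b"\xff" * K                      # constructed nonce, value >= N
    good = clamp_nonce(bad)
    print(in_range(bad), round_trips(bad))
    print(in_range(good), round_trips(good))
    print(round(share_out_of_range(), 3))
```

For a modulus whose top bit is set, the out-of-range share is below one half, which matches a failure that appears only from time to time; an out-of-range block comes back reduced modulo N.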
