> Thank you. This helped me a little, but I still have a few questions.
>
>> Make sure that when you did the 3DES/CBC encryption, you used the proper padding. For the symmetric cipher, it's ISO 10126, even if the asymmetric uses PKCS1:
>> http://www.w3.org/TR/xmlenc-core/#sec-Padding
>
> So, I don't need ISO 10126 padding if I use the CKM_DES3_CBC_PAD flag,

If you intend to use CKM_DES3_CBC_PAD, you should check the reference, that is the PKCS#11 reference on the RSA site, to see what it does.
And you'd see that CKM_DES3_CBC_PAD does padding for you, but it does PKCS padding (§12.13.2; PKCS symmetric padding is PKCS#5), so it's *not* the right function to use.

> but I need it if I use CKM_DES3_CBC or CKM_AES_CBC? There is no CKM_AES_CBC_PAD, right?

The conclusion is there's no mechanism in PKCS#11 (and therefore in the low-level NSS functions) that will do the ISO 10126 padding for you.
So you *must* use raw encryption, CKM_DES3_CBC or CKM_AES_CBC, and before you call them, create the ISO 10126 padding. Fortunately it's very easy to do ISO 10126 padding, as described in the xmlenc-core spec.
One note: ISO 10126 and PKCS#5 padding for encryption are very similar, but not identical. The only difference is a place where ISO 10126 requires random content, and PKCS#5 fixed content. So when you decrypt using ISO 10126 something that used PKCS#5 padding, it will work. But if you decrypt using PKCS#5 something that used ISO 10126, it certainly will fail, because PKCS#5 will see some random values at a place where it expects a very precise content. But not always. If the padding string is only one byte long (12.5% chance), the two forms will happen to coincide.
So selecting the wrong padding will not fail in a really obvious way; this must be known for interoperability testing.

> Do you have any example of PKCS1 padding?

Check the relevant RFC to get a description of both PKCS#1 and OAEP padding. That's RFC 3447.
You'll need to use them, and *not* ISO 10126, when you call PK11_PubEncryptRaw.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
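The padding rules discussed in the message above, as an added example that is not code from the thread or from NSS: it implements ISO 10126 padding (random filler, last byte is the pad count, as in xmlenc-core) and PKCS#5 padding (every pad byte is the count) for a raw CBC mechanism, and shows the interoperability asymmetry the message describes. The filler is a deterministic stand-in so the result is reproducible; real code must draw the filler bytes from a CSPRNG (with NSS, PK11_GenerateRandom), and the padded buffer is what would be passed to the raw CKM_DES3_CBC or CKM_AES_CBC operation, which this example does not perform.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Caller-supplied source of random bytes; returns 0 on success. */
typedef int (*rand_fill_fn)(unsigned char *buf, size_t len);

/* Padding length for in_len bytes and block size bs: always 1..bs, never 0. */
static size_t pad_len_for(size_t in_len, size_t bs)
{
    return bs - (in_len % bs);
}

/* ISO 10126 (xmlenc-core form): pad bytes are random except the last,
 * which holds the pad count. out must hold in_len + bs bytes.
 * Returns the padded length, or 0 on error. */
size_t iso10126_pad(const unsigned char *in, size_t in_len,
                    unsigned char *out, size_t bs, rand_fill_fn fill)
{
    size_t n;
    if (bs == 0 || bs > 255)
        return 0;
    n = pad_len_for(in_len, bs);
    memcpy(out, in, in_len);
    if (n > 1 && fill(out + in_len, n - 1) != 0)
        return 0;
    out[in_len + n - 1] = (unsigned char)n;
    return in_len + n;
}

/* PKCS#5 (8-byte blocks; the same rule for 16-byte blocks is PKCS#7):
 * every pad byte equals the pad count. */
size_t pkcs5_pad(const unsigned char *in, size_t in_len,
                 unsigned char *out, size_t bs)
{
    size_t n;
    if (bs == 0 || bs > 255)
        return 0;
    n = pad_len_for(in_len, bs);
    memcpy(out, in, in_len);
    memset(out + in_len, (int)n, n);
    return in_len + n;
}

/* Returns the unpadded length, or -1 if the padding is invalid.
 * ISO 10126 only checks the count byte; the filler is ignored. */
long iso10126_unpad(const unsigned char *in, size_t in_len, size_t bs)
{
    size_t n;
    if (bs == 0 || in_len == 0 || in_len % bs != 0)
        return -1;
    n = in[in_len - 1];
    if (n == 0 || n > bs)
        return -1;
    return (long)(in_len - n);
}

/* PKCS#5 additionally requires every pad byte to equal the count.
 * (Not constant-time; fine for a demo, not for a padding-oracle-exposed decryptor.) */
long pkcs5_unpad(const unsigned char *in, size_t in_len, size_t bs)
{
    size_t n, i;
    if (bs == 0 || in_len == 0 || in_len % bs != 0)
        return -1;
    n = in[in_len - 1];
    if (n == 0 || n > bs)
        return -1;
    for (i = 0; i < n; i++)
        if (in[in_len - 1 - i] != n)
            return -1;
    return (long)(in_len - n);
}

/* Deterministic stand-in for a CSPRNG (assumption for the demo only). */
static int fake_fill(unsigned char *buf, size_t len)
{
    memset(buf, 0xAB, len);
    return 0;
}

/* Pad msg_len bytes of constructed data with ISO 10126, then strip as PKCS#5.
 * Returns 1 if PKCS#5 accepts it, 0 if it rejects it, -1 on error. */
int pkcs5_accepts_iso10126(size_t msg_len, size_t bs)
{
    unsigned char msg[64], padded[64 + 16];
    size_t padded_len;
    if (msg_len > sizeof msg || bs > 16)
        return -1;
    memset(msg, 'x', msg_len);
    padded_len = iso10126_pad(msg, msg_len, padded, bs, fake_fill);
    if (padded_len == 0)
        return -1;
    return pkcs5_unpad(padded, padded_len, bs) == (long)msg_len;
}

/* The reverse direction: pad with PKCS#5, strip as ISO 10126 (always accepted). */
int iso10126_accepts_pkcs5(size_t msg_len, size_t bs)
{
    unsigned char msg[64], padded[64 + 16];
    size_t padded_len;
    if (msg_len > sizeof msg || bs > 16)
        return -1;
    memset(msg, 'y', msg_len);
    padded_len = pkcs5_pad(msg, msg_len, padded, bs);
    if (padded_len == 0)
        return -1;
    return iso10126_unpad(padded, padded_len, bs) == (long)msg_len;
}

int main(void)
{
    printf("ISO 10126 read as PKCS#5, 7-byte msg, 3DES: %d\n", pkcs5_accepts_iso10126(7, 8));
    printf("ISO 10126 read as PKCS#5, 5-byte msg, 3DES: %d\n", pkcs5_accepts_iso10126(5, 8));
    printf("PKCS#5 read as ISO 10126, 5-byte msg, AES:  %d\n", iso10126_accepts_pkcs5(5, 16));
    return 0;
}
```

The 7-byte 3DES case is the one-in-eight coincidence the message mentions: the pad is a single byte, so both schemes produce 0x01 and PKCS#5 accepts the ISO 10126 ciphertext. Every other length is rejected, which is why an interoperability test should cover plaintext lengths across a whole block, not just one.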
