Petar Popara wrote:
So, I don't need ISO 10126 padding if I use CKM_DES3_CBC_PAD flag, but I need it if I use CKM_DES3_CBC or CKM_AES_CBC?
The block cipher mechanisms whose names end in _PAD do their own padding, and you don't need to do padding for them.
The block cipher mechanisms whose names do not end in _PAD do no padding and require that the input length match the block length exactly. To achieve that, the PKCS11-using application typically does its own padding. When an application requires padding other than the padding defined in the relevant PKCS standard, the application does its own padding and uses a non _PAD mechanism.
There is no CKM_AES_CBC_PAD, right?
I suggest you look that up for yourself. The mechanism defintions are public. Use google and see.
-- Nelson B _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
