The reason for ths is RC4 is a stream cipher, and is considered 'inappropriate' for store and forward systems. The reason for this is it is quite easy to change the data in an encrypted file without knowing the key, if you happen to know the underlying data in the file. Conventional practice says you should only use stream ciphers with strong macing or signing. Stream ciphers are most appropriate for, well, streams of data (like in SSL). For File encryption, you should use a block cipher. You should definately not use RC4 for file encryption if you aren't also signing the file.
All that being said, I would have expected a better error message that SEC_ERROR_BAD_DATA.
bob udaybhaskar wrote:
Hi,I am trying to encrypt a file using RC4 encryption algorithm. I am calling SEC_PKCS7CreateEnvelopedData with SEC_OID_RC4 as the SECOidTag. After successfully adding the certificate parameters , I get an error message "security library: received bad data." from the function SEC_PKCS7EncoderStart.cinfo = SEC_PKCS7CreateEnvelopedData (cert,certUsageEmailRecipient,NULL, SEC_OID_RC4 , 0, NULL, NULL);Any help is appreciated. <http://lxr.mozilla.org/security/ident?i=SECOidTag> Thanks in advance, Uday. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
