Re: Alternative for SGN_DecodeDigestInfo
On 03/24/2012 03:05 PM, VJ wrote: I'm trying to use RSA_HashCheckSign() function to verify the message. How are you even Linking with RSA_HashCheckSign()? It's a completely internal function to softoken. If you want verify an RSA signature you can use PK11_Verify(), or better yet one of the VFY_ functions. I found that, its using SGN_DecodeDigestInfo() function to decode the digest using SEC_QuickDERDecodeItem() function. My understanding is that SEC_QuickDERDecodeItem() takes the sgn_DigestInfoTemplate array, which is loaded from DLL (Is it right?) If so, where can I find the source cod for that dll? Both the quick decoder and the Digest or in nssutil. The question is, though, why do you need a different template? If your signature isn't an RSA PKCS #1 signature, what is it (perhaps you should be using a different mechanism). Is there any other alternative method in NSS to decode the digest / RSA verification? You are looking pretty low level, so it's hard to answer this question, what is it you are really trying to do, and what kind of signature are you using? Regards, Vejey -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: cert8.db rewrite reasons and exceptions?
On 03/27/2012 01:00 AM, helpcrypto helpcrypto wrote: Cough, cough...exit(CKR_OK) != return CKR_OK...cough, cough Now cert8 is modified always (with or without our module). Anyway, can someone tell me why cert8 is rewrited on each run/close? Because that's how the old berkeley DB works. It's weirdness like this that caused us to implement the new sql-lite db. It just hasn't been integrated into mozilla yet. bob On Tue, Mar 27, 2012 at 9:18 AM, helpcrypto helpcrypto helpcry...@gmail.com wrote: Hi all. Due some problems using Thunderbird ESR, we have found the following, and would like to ask the experts... We have noticed Thunderbird 10.3 (probably older versions too) rewrites cert8.db each time it closes. The file its the same, but the modified date has changed. - Is this normal? - There is a technical/security reason? More test have shown cert8.db is not modified/rewrited after adding our PKCS#11 module in secmod.db. (!) Our PKCS#11 is working OK for a long time without any problems, but there must be something wrong in here to prevent the default behaviour, right? Why is this happening? Going to test on a debug environment to get some traces. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto