Block cipher access
Brian Hawkins
secret. It doesn't appear that nss provides access to the low level
cipher suite, is that true? I cannot use public/private keys for my
encryption because of a design issue. Is there any way to sign and
encrypt data using a shared key?
Thanks
Brian Hawkins
The shared secret will be used to create key block material similar to how
TLS does it. So what I need is a method to create a cipher, provide a key
and encrypt/decrypt some data. All the methods in nss look like they use
public/private keys to decrypt/encrypt stuff.
Based on what you have said it looks like I need to create a PK11SymKey and
use it right?
Thanks
Brian
On 6/3/07, Robert Relyea < rre...@redhat.com> wrote:
> The PK11_ functions handle the basic crypto functionality. When dealing
> with raw shared keys, there's often the issue that applications try to
> manipulate these keys directly. This can be make to work in NSS, but
> your application will fail if you try to operate in FIPS mode.
>
> The big question, then, is how are you distributing the keys? If you are
> typing hex strings or copying files of raw keys around, then things are
> a bit problematic. If the shared key is generated with a pbe, things are
> better, and can usually be accommodated in FIPS mode.
>
> So the short answer is yes, you can do what you are asking, but if you
> need to use a raw key interface, then you need to ask yourself if you
> have a more fundamental design issue.
>
> Hope that helps,
>
> bob
> > Thanks
> > _______________________________________________
> > dev-tech-crypto mailing list
> > dev-tec...@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
> >
>
>
>