Hi,
Let me suggest breaking the problem down into something smaller.
Put aside for a minute the part about encrypting and decrypting
any data with the symmetric key. The first thing to verify is
whether the symmetric key is being transferred correctly from
the encrypting side to the decrypting side.
Can you confirm a few things for me please? I'm writing a test
program to see if I can recreate the problem you describe. I
have an 1024-bit RSA key pair and a 128-bit AES secret key for
my test program.
1. I have the following things set in my public key template:
CKA_CLASS - set to CKO_PUBLIC_KEY
CKA_KEY_TYPE - set to CKK_RSA
CKA_MODULUS_BITS - set to the key length, I used 1024
CKA_TOKEN - set to true to make it persistent
CKA_LABEL - I used a label for my convenience
and in my private key template:
CKA_CLASS - set to CKO_PRIVATE_KEY
CKA_KEY_TYPE - set to CKK_RSA
CKA_PRIVATE - set to true
CKA_TOKEN - set to true
CKA_LABEL - I used a label for convenience
2. I have these things set in the template for my AES secret key:
CKA_CLASS - set to CKO_SECRET_KEY
CKA_KEY_TYPE - set ot CKK_AES
CKA_TOKEN - set to true to make it persistent
CKA_PRIVATE - set to true
CKA_VALUE_LEN - set the key length, I used 16 bytes
CKA_LABEL - I used a label for convenience
3. When I exported the RSA public key to the other side, I only
wrote CKA_MODULUS and CKA_PUBLIC_EXPONENT to the file.
I did not write CKA_MODULUS_BITS because I do not need that
one when calling C_CreateObject() to import the RSA public key
object for wrapping the AES secret key.
I believe you said you had an "attribute invalid" error if you
tried to use CKA_MODULUS_BITS. The PKCS#11 specification says
that CKA_MODULUS_BITS must be used for C_GenerateKeyPair(), but
it must not be used for C_CreateObject() -- Sections 10.2 and
12.1.2. That is why.
4. When I imported the RSA public key on the other side, I used a
template that sets again:
CKA_CLASS - set to CKO_PUBLIC_KEY
CKA_KEY_TYPE - set to CKK_RSA
CKA_TOKEN - set to true to save public key on this side too
CKA_LABEL - I used something for convenience
and leaves space for:
CKA_MODULUS - from the exported public key file
CKA_PUBLIC_EXPONENT - from the exported public key file
5. So now I have the AES secret key and the RSA public on the same
side, and I wrapped the AES key with C_WrapKey and mechanism
CKM_RSA_PKCS.
After the wrap operation, I wrote the buffer with wrapped key
data to a file and send it over to the first side where I started.
6. Back on the first side, I read the wrapped data from the file.
I used C_FindObjectsInit/C_FindObjects/C_FindObjectsFinal to
locate the RSA private key object.
Then my test program calls C_UnwrapKey using the wrapped data
buffer and the RSA private key object to create a new object
with this template:
CKA_CLASS - set to CKO_SECRET_KEY
CKA_KEY_TYPE - set to CKK_AES
CKA_TOKEN - set to true
CKA_PRIVATE - set to true
CKA_LABEL - something here for convenience
This new object should be recovered AES secret key, from the
opposite side, now on this side on the token.
7. Are we together so far? So what happens for you when you call
call C_UnwrapKey()? Is this where you get the error
CKR_OBJECT_HANDLE_INVALID?
8. What are the values for the following attributes for the RSA
public key?
CKA_WRAP - true or false?
CKA_ENCRYPT - true or false?
for the RSA private key?
CKA_UNWRAP - true or false?
CKA_DECRYPT - true or false?
for the AES secret key
all of the above attributes - true or false?
If the implementation doesn't automatically set these values
to some reasonable defaults, you may have to set them in the
key/key-pair generation templates, create-object templates
for importing, and the unwrap-key templates too.
Please let me know if your program can get through these steps.
If it can, then we know the secret key has a good chance of
being transferred correctly and can move onto to see if the
problem is somewhere in the encryption/decryption of the data.
Thanks,
D.
NACHO SAAVEDRA wrote:
> Hi, Dina. Thank you for your time and interest. Let?s go step by step.
>
> Here are my commentaries:
> - I'm keeping the RSA key pair by setting the public and private
> templates attributes in true:
> ...
> {CKA_TOKEN, &truevalue, sizeof (truevalue)},
> I stored each pair with an unique ID an label, so, for instance I could
> set the modulus bits of the public with their unique id and label; and
> the id of the private is the same of the public and its label is unique
> and I can see other properties like the key type, etc. Each time I run
> my programs I could see that info, I suppose then I have key persitence.
> I took care having only one rsa key pair generated by softoken. When I
> import publick keys they have other index or ID. Same for private
> symmetric keys.
>
> - I apologize if I emailed a confused issue to all. But my problem of
> wrap and unwrap is in both sides. The steps you mentioned are ok and I'm
> following these steps to do un unwrap in PKCS11 virtual HSM or softoken'
> Open Solaris. Obviously to do the unwrap proccess in the Spyrus side the
> actors take place in inverted roles. When I run the unwrap proccess at
> Sun I get the pkcs11 error 0000082. When i run the unwrap proccess at
> external hsm, for instance a CryptoAPI of java I get an error similar to
> "encoding block error".
>
> - In the steps you mention, I have problems in the step #8. When the
> data comes from inside the proccess continues succesfully unitl the end
> and the unwrap complete is ok. When the data comes from Spyrus or java's
> CryptoAPI the error 000082 happens.
>
> - I'm not transporting private keys. The private keys are at its
> respectives hsms (if we transport private keys were are the security?):
> softoken, spyrus or java's cryptoAPI. I'm only exporting publics keys
> from one hsm to the other. And in each hsm I have import public key
> programs too. The parameteres to import and export public keys are the
> modulus and the exponent. When I import a public key at Open Solaris I
> couldn't set the modulusbits attribute (attribue invalid error), only
> the exponent and the modulus, i.e. in public key template:
> ...
> {CKA_PUBLIC_EXPONENT, &myPublicExponent, sizeof (myPublicExponent)},
> {CKA_MODULUS, &modulusBytes, modulusBytesSize},
> // {CKA_MODULUS_BITS, &modulusbits, sizeof(modulusbits)},// I
> have to comment this line because if not gets an attribute error
>
> - I guess probably the problem is softoken. I don't know if problems
> related with crypto in Solaris 10 have relation with Open Solaris.
> By surfing the web I note that there is a Dos (Denial of Service) that
> affects crypto operations over ssl connections. The syntoms over ssl
> connections affects crypto operations like signing and its' verifying
> (and I suppose if affects pkcs11 too, why not?):
> Please see this web site with the info:
> http://secunia.com/advisories/33050/
> Like I said I'm probably speculating. The problem is that I don't have a
> Sun plan in order to unblock the patch, download it and test in Solaris 10.
>
> - Please tell me if you did succesfullys tests of wrap and unwrap with
> the steps you mention with softoken vs. external hsms?
>
> - If you need the complete code of the wrap and unwrap programs and they
> are ussefull to solve the problem, I could send them to you.
>
> Thanks very much.
>
> Best regards,
>
> J. Ignacio Saavedra V.
> Software Specialist V.S.
>
>
> 2009/3/4 Dina <dina.nimeh at sun.com <mailto:dina.nimeh at sun.com>>
>
> Hi,
>
> What I didn't understand from your list of steps is where you are
> keeping the private key.
>
> For example, if you are generating the RSA key pair (public and
> private) with Spyrus, then where are you generating the symmetric
> key?
>
> If you generated the symmetric key on the Spyrus side, and you wrap
> the symmetric key with RSA public key on the Spyrus side, you will
> not be able to unwrap it on the Sun softtoken side -- it doesn't
> have the RSA private key to do the unwrap operation.
>
> Unless I misunderstand something, I would expect that the transaction
> proceeds like this:
>
> Step 1: Generate RSA key pair, private and public, on Softtoken side.
>
> Step 2: Generate symmetric key on Spyrus side.
> Step 3: Encrypt data "hello world" with symmetric key on Spyrus side.
>
> Step 4: Send RSA public key from Softtoken side to Spyrus side.
> Step 5: Wrap symmetric key with RSA public key on Spyrus side.
>
> Step 6: Write encrypted data from #3 and wrapped key from #5 to files.
>
> Step 7: Read wrapped key from file on Softtoken side
> Step 8: Unwrap wrapped key using RSA private key which is already on
> Softtoken side to reveal the symmetric key on Softtoken side.
>
> Step 9: Read encrypted data from file on Softtoken side.
> Step 10: Decrypt the data with symmetric key on Softtoken side.
>
> Some variation of the steps listed above is possible, but the critical
> part is the RSA private key needs to be available where you unwrap the
> wrapped symmetric key. If it's still on the Spyrus side, Softtoken
> is not able to unwrap.
>
> Unless you also transport the private key from side to the other,
> I'm not sure I understand what you actually did in your test program.
>
> It sounds like your internal loop test works because the private key
> is available when you are going the unwrap operation.
>
> Please let us know if this helps with what you are trying to do.
>
> Thanks,
> D.
>
>
> NACHO SAAVEDRA wrote:
>
> Hi folks.
>
> I forgot to mention that the problem happens in Open Solaris
> (uname -r=5.11) too. The behavior, inputs and outputs are
> similar. Regards, Ignacio
>
> =====
> 2009/3/3 Mark Powers <mark.powers at sun.com
> <mailto:mark.powers at sun.com> <mailto:mark.powers at sun.com
> <mailto:mark.powers at sun.com>>>
>
>
> Hi,
>
> Would it be possible for you to run your test on opensolaris
> instead of S10?
> This alias is for opensolaris development issues rather
> than S10.
> Sun Services handles Solaris 10 issues.
>
> Thanks.
>
> Mark
>
> NACHO SAAVEDRA wrote:
>
> Hello folks. I'm working with separate encryption
> programs
> in PKCS11. For now I'm working with Solaris 10 (and Open
> Solaris 5.11) for Intel in a virtual machine, i.e., i
> don't
> have hw HSM, I'm working with the softoken or
> libpkcs11.so
> version 2.20.
>
> For instance, for the wrap process I did:
> 1- To generate a key pair RSA, 1024 length. At the
> generation moment I could retain or made persistent
> the pair
> of keys into the "virtual Sun HSM" throw an ID # an a
> label
> uniques.
> 2- To generate a key symmetric, (it could be AES 128
> length,
> DES of 64/56 or 3DES 192/168).
> 3- To wrap the sym key with the Public generated in 1-.
> Standard: RSA PKCS11 version 1.5.
> 4- To do a symmetric cryptogram (i.e., symmetric
> encryption)
> with the symm key.
> 5- I stored in 2 different binary files the wrapped
> key and
> the symmetric cryptogram.
> 6- I made a routine in order to export the Public Key and
> store the modulus in other binary file.
>
> With the three aboved files I try to run the unwrap
> process
> in a external HSM, for instance a java cryptoAPI
> program or
> Spyrus component sets with RSA PKCS11 versi?n 1.5 and
> 1024
> RSA key pair length. Unfortunatelly in both the unwrap
> process fails and the HSM return a block codification
> problem. I could not get the original plain text
> encrypted
> at "virtual Sun HSM".
>
> The opposite process, i.e., to do the wrap in the
> external
> HSMs (java or Spyrus) and to import their Public Keys
> (Puk)
> into the Sun HSM does not work too. Of course, I have the
> modulus' Puk and I could insert it into the HSM
> building a
> new Puk with other id # and label; and I have the wrapped
> key file and the symmetric cryptogram.
> When I do the unwrap the error is 00082 or
> CKR_OBJECT_HANDLE_INVALID and this error is shown in the
> C_GetAttributeValue function. If I ignore it, then
> the same
> error appears at the C_UnwrapKey function. Without
> sym key
> the unwrap process is aborted, i.e., the decrypt
> symmetric
> part is not run.
>
> My loop or internal tests work fine: i.e.,
> 1- Generate a pair of keys RSA (for instance with
> index 1).
> 2- Export the Puk.
> 3- Import the Puk with other index (for instance with
> index 4).
> 4- Wrap process with the Puk's index 4 (wrap process:
> wrap
> key plus sym encryption).
> 5- Unwrap process with the Private or Prk's index 1
> (unwrap
> process: unwrap key pluys sym decryption).
>
> The only difference of my internal test with the
> externals
> are the data, not the programs.
>
> My question is if the softoken could be tested with
> external
> data like the test I did. I have the same problem with
> asymmetric encryption and decryption.
>
> I'm attaching some technical information of interest
> related
> with the unwrap program.
>
> Thanks and regards.
>
> Jos? Ignacio Saavedra Vivas
> Voting Solutions
> Bogot? - Colombia
> =====================
> *Attachments:*
>
> Symmetric Key: AES-128.
> Symmetric Mechanism for the key to unwrap:
> symGenMech.mechanism = CKM_AES_KEY_GEN;
> symGenMech.pParameter = NULL_PTR;
> symGenMech.ulParameterLen = 0;
> symSMech.mechanism = CKM_AES_ECB;
> symSMech.ulParameterLen = 16;
>
> Template of the sym key to unwrap:
> CK_ATTRIBUTE templateOut[] = {
> {CKA_CLASS, &class, sizeof (class) },
> {CKA_KEY_TYPE, &keySymType, sizeof (keySymType) },
> {CKA_TOKEN, &falsevalue, sizeof (falsevalue) },
> {CKA_LABEL, symLabel, sizeof (symLabel) },
> {CKA_ENCRYPT, &truevalue, sizeof (truevalue) },
> {CKA_DECRYPT, &truevalue, sizeof (truevalue) },
> {CKA_WRAP, &truevalue, sizeof(truevalue) },
> {CKA_UNWRAP, &truevalue, sizeof(truevalue) },
> {CKA_EXTRACTABLE, &truevalue, sizeof(truevalue) }
> };
>
> Key Pair: RSA-1024.
> Template for the Private Key (Prk) or unwrapping key:
> CK_ATTRIBUTE privatekey_template[] = {
> {CKA_CLASS, &privateClass, sizeof (privateClass)},
> {CKA_ID, id, sizeof (id)},
> {CKA_KEY_TYPE, &keyAsymType, sizeof (keyAsymType) },
> {CKA_LABEL, prkLabel, sizeof (prkLabel)-1},
> {CKA_DECRYPT, &truevalue, sizeof (truevalue)},
> {CKA_UNWRAP, &truevalue, sizeof (truevalue)},
> {CKA_SIGN, &truevalue, sizeof (truevalue)},
> {CKA_TOKEN, &truevalue, sizeof (truevalue)},
> {CKA_PRIVATE, &falsevalue, sizeof (falsevalue)},
> {CKA_MODIFIABLE, &falsevalue, sizeof (falsevalue)},
> {CKA_SENSITIVE, &truevalue, sizeof (truevalue)},
> {CKA_EXTRACTABLE, &truevalue, sizeof (truevalue)},
> {CKA_APPLICATION, &application, sizeof (application)-1}
> };
>
> Mechanisms for the Private keys:
> genmech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
> genmech.pParameter = NULL_PTR;
> genmech.ulParameterLen = 0;
>
> smech.mechanism = CKM_RSA_PKCS;
> smech.pParameter = NULL_PTR;
> smech.ulParameterLen = 0;
>
> Functions: Unwrap key:
> rv = C_UnwrapKey(hSession, &smech, hUnwrappingKey,
> wrappedKey, wrappedKeySize, templateOut, sizeof
> (templateOut) / sizeof (CK_ATTRIBUTE), &hKeyOut);
>
> Attributes to show of the sym key once is unwrapped (it
> works with my internal data, not with externals, in this
> case the attributes are empty):
> CK_ATTRIBUTE getsymattributes[] = {
> {CKA_CLASS, NULL_PTR, 0},
> {CKA_KEY_TYPE, NULL_PTR, 0},
> {CKA_VALUE_LEN, NULL_PTR, 0},
> {CKA_WRAP, NULL_PTR, 0},
> {CKA_UNWRAP, NULL_PTR, 0},
> {CKA_VALUE, NULL_PTR, 0}
> };
> The following instruction is the first fail with the
> external HSM's interchange:
> rv = C_GetAttributeValue(hSession, hKeyOut,
> getsymattributes, template_size);
>
> Decryption process once the sym key was get it:
> /* Initialize the decryption operation in the session */
> rv = C_DecryptInit(hSession, &symSMech, hKeyOut);
> if (rv != CKR_OK) {
> fprintf(stderr, "C_DecryptInit: rv = 0x%.8X\n", rv);
> error = 1;
> goto exit_program;
> }
> /* Decrypt the entire ciphertext string */
> decrypttext_len = sizeof (decrypttext);
> rv = C_Decrypt(hSession, (CK_BYTE_PTR)cipherText,
> cipherTextSize,
> decrypttext, &decrypttext_len);
> if (rv != CKR_OK) {
> fprintf(stderr, "C_Decrypt: rv = 0x%.8X\n", rv);
> error = 1;
> goto exit_session;
> }
>
> OUTPUTS AT SCREEN - RUN #1:
> BEGIN TEST WITH INTERNAL DATA-IT WORKS!
>
> ^C# sh unwrapAll.sh
> unwrapAll.c: In function `main':
> unwrapAll.c:28: warning: return type of 'main' is not
> `int'
> slotCount = 1
> selected slot: 0
> sessionInfo2= 0x00000002
> CKS_RW_PUBLIC_SESSION
> CKF_SERIAL_SESSION | CKF_RW_SESSION
> C_GetAttributeValue: rv = 0x00000012
>
> Attributes Private Key:
> Class: 03000000
> keyAsymType: 00000000
> ObjectLabel: RSA private GCSun for middle-ware
> PrkExclusive: 01
> Object ID: 01
> k antes=1
>
> Go...k=1
> La longitud de wrappedKey es=128
> El valor de wrappedKey es
> 0=74 1=-16 2=44 3=-29 4=-74 5=-8 6=-37 7=25 8=91
> 9=-11610=82
> 11=89 12=-80 13=-44 14=14 15=26 16=-11 17=39 18=-40 19=-3
> 20=88 21=14 22=-38 23=-80 24=-77 25=-104 26=-22 27=-107
> 28=-118 29=-5230=38 31=-121 32=126 33=127 34=-56
> 35=37 36=9
> 37=-35 38=90 39=-1140=87 41=-1 42=81 43=-8 44=-26 45=-2
> 46=27 47=-67 48=74 49=71 50=3 51=96 52=41 53=-76
> 54=64 55=83
> 56=-94 57=40 58=-119 59=-1260=100 61=-65 62=93 63=87
> 64=73
> 65=31 66=-113 67=40 68=42 69=12170=-12 71=-5 72=123 73=53
> 74=-107 75=-17 76=-101 77=-41 78=-101 79=10880=-35
> 81=-102
> 82=-23 83=-16 84=117 85=83 86=115 87=-40 88=66 89=-1290=0
> 91=-7 92=-118 93=91 94=-113 95=83 96=-127 97=-41
> 98=98 99=99
> 100=73 101=9 102=-80 103=48 104=102 105=-126 106=127
> 107=95
> 108=10109=76 110=-34 111=33 112=97 113=42 114=-70 115=23
> 116=21 117=56 118=12119=-125 120=-84 121=126 122=-42
> 123=110
> 124=-58 125=96 126=64 127=-59
> Attributes Wrapped Key:
> Class: 04000000
> keySymType: 1f000000
> Length of Key: 10000000
> Wrap Attribute: 01
> Unwrap Attribute: 01
> Value raw of key:
> 162-232-85-82-92-135-138-47-197-103-79-23-131-239-63-196-
>
> Key was successfully unwrapped with private key!
> slotCount = 1
> selected slot: 0
>
>
> 16 bytes decrypted!!!
>
> The value of the decryption is:
> ?Hello my world!
> Done!!!
>
> ==================================================================
> RUN #2: BEGIN TEST WITH EXTERNAL HSM - DOES NOT WORK
>
> slotCount = 1
> selected slot: 0
> sessionInfo2= 0x00000002
> CKS_RW_PUBLIC_SESSION
> CKF_SERIAL_SESSION | CKF_RW_SESSION
> C_GetAttributeValue: rv = 0x00000012
>
> Attributes Private Key:
> Class: 03000000
> keyAsymType: 00000000
> ObjectLabel: RSA private GCSun for middle-ware
> PrkExclusive: 01
> Object ID: 01
> k antes=1
>
> Go...k=1
> La longitud de wrappedKey es=128
> El valor de wrappedKey es
> C_GetAttributeValue-1: rv = 0x00000082
> C_UnwrapKey: rv = 0x00000082
> 0=102 1=-12 2=-97 3=60 4=-35 5=-113 6=-34 7=-29 8=87 9=47
> 10=-23 11=43 12=-127 13=-78 14=-14 15=-26 16=68 17=108
> 18=-62 19=56 20=-24 21=33 22=-27 23=2 24=11 25=-121 26=32
> 27=90 28=109 29=-1830=74 31=-113 32=-24 33=-48 34=115
> 35=50
> 36=-105 37=62 38=3 39=74 40=-36 41=-117 42=-22 43=-47
> 44=121
> 45=90 46=-59 47=39 48=-44 49=-4250=104 51=-80 52=54
> 53=116
> 54=114 55=19 56=17 57=-125 58=43 59=-6660=36 61=54 62=-11
> 63=44 64=-37 65=32 66=-105 67=59 68=-56 69=-1270=-53
> 71=121
> 72=-113 73=53 74=-89 75=-67 76=-73 77=12 78=-50 79=13
> 80=-92
> 81=-38 82=-98 83=-100 84=-40 85=-13 86=-126 87=-83 88=42
> 89=9 90=-125 91=42 92=-20 93=55 94=-20 95=-65 96=119
> 97=21
> 98=16 99=-12100=42 101=-119 102=-13 103=62 104=-50 105=88
> 106=-31 107=-95 108=-2109=26 110=-48 111=122 112=53
> 113=84
> 114=9 115=-88 116=68 117=49 118=-8119=-58 120=-62
> 121=-113
> 122=-88 123=114 124=18 125=101 126=104
> 127=-1slotCount = 1
> selected slot: 0
> sessionInfo2= 0x00000002
> CKS_RW_PUBLIC_SESSION
> CKF_SERIAL_SESSION | CKF_RW_SESSION
> C_GetAttributeValue: rv = 0x00000012
>
> Attributes Private Key:
> Class: 03000000
> keyAsymType: 00000000
> ObjectLabel: RSA private GCSun for middle-ware
> PrkExclusive: 01
> Object ID: 01
> k antes=1
>
> Go...k=1
> La longitud de wrappedKey es=128
> El valor de wrappedKey es
> C_GetAttributeValue-1: rv = 0x00000082
> C_UnwrapKey: rv = 0x00000082
> 0=25 1=106 2=42 3=-47 4=88 5=70 6=37 7=-81 8=-81 9=-26
> 10=-24 11=-35 12=49 13=121 14=75 15=-59 16=-75 17=86
> 18=47
> 19=-7520=-67 21=115 22=67 23=-44 24=24 25=17 26=-51 27=19
> 28=-72 29=44 30=42 31=66 32=-54 33=-59 34=76 35=-66 36=72
> 37=83 38=103 39=56 40=109 41=119 42=28 43=120 44=-16
> 45=26
> 46=-12 47=104 48=-27 49=92 50=-71 51=47 52=110 53=34
> 54=66
> 55=47 56=115 57=-90 58=65 59=61 60=118 61=47 62=53 63=-17
> 64=-41 65=-105 66=-4 67=-9 68=12 69=86 70=91 71=51 72=42
> 73=-11 74=37 75=12 76=-116 77=-45 78=27 79=26 80=43 81=35
> 82=11 83=-98 84=98 85=-1 86=-125 87=-101 88=39
> 89=-4690=-111
> 91=-23 92=60 93=1 94=-38 95=64 96=65 97=-32 98=113
> 99=-20100=-59 101=7 102=-40 103=81 104=65 105=68 106=-5
> 107=-31 108=-6 109=-8110=76 111=-16 112=110 113=-15
> 114=-63
> 115=-52 116=118 117=85 118=-4 119=67120=81 121=45 122=12
> 123=-17 124=-23 125=-91 126=-37 127=-59 ^C
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> crypto-discuss mailing list
> crypto-discuss at opensolaris.org
> <mailto:crypto-discuss at opensolaris.org>
> <mailto:crypto-discuss at opensolaris.org
> <mailto:crypto-discuss at opensolaris.org>>
>
>
> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> crypto-discuss mailing list
> crypto-discuss at opensolaris.org
> <mailto:crypto-discuss at opensolaris.org>
> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> crypto-discuss mailing list
> crypto-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
