Bob,
I am being asked for CKM_RSA_PKCS -- I am PKCS 1.5 encoding the input for encryption, the result I get back already is 128 bytes (RSA 1024). I am not sure how I am supposed to encode something that is already at the maximum allowed length.

The input data is ASN1 encoded, so I encode and encrypt the whole block, then send it to the card. The result back is 128 bytes, which I am currently supplying back to TB without any format. I can independently verify the signature using rsautil and raw APDUs to the card, but TB still doesn't like it. I am still confused on how the data should be returned back to TB.

Thanks for your help

Christian

Bob Relyea wrote:
Christian Bongiorno wrote:
I am currently trying to sign some data in tbird and the signature is not valid.

The incoming data I get (C_Sign()) is an ASN1_STRING of the SHA1 hash of the message. Currently, I am encrypting the whole thing and returning raw data back.

Should I be decoding the ASN1 input, encrypting the hash, then returning it as ASN1 encoded?
Depends on the mechanism that you have been asked for:
CKM_RSA_X509 - just encrypt the data with no additional formatting.
CKM_RSA_PKCS - format the block with PKCS 1.5 encoding. The block should be formatted as is: if raw hashes are passed in, format the raw hashes; if ASN1 encoded data, encode that whole block.

See section 12.1.6 and 12.1.12 of the PKCS #11 spec (version 2.20).

bob


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
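
The two block layouts described in the reply above, as an added example that is not part of the original thread or of any PKCS #11 module's code. The helper names are hypothetical, the hash bytes are constructed, and the padding shown is the PKCS #1 v1.5 block type 01 layout used for signatures.

```c
#include <stdio.h>
#include <string.h>

/* DER prefix of a SHA-1 DigestInfo; the 20-byte hash follows it. */
static const unsigned char SHA1_DIGESTINFO_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/* CKM_RSA_PKCS signing (hypothetical helper name): wrap the caller's data,
 * unchanged, as 00 01 FF..FF 00 || data, filling k bytes (k = modulus size).
 * Returns 0, or -1 when data is longer than k - 11 and cannot be padded. */
int pkcs1_v15_sign_pad(const unsigned char *data, size_t len,
                       unsigned char *block, size_t k)
{
    if (k < 11 || len > k - 11)
        return -1;
    size_t ps_len = k - 3 - len;      /* always at least 8 bytes of 0xFF */
    block[0] = 0x00;
    block[1] = 0x01;                  /* block type 01: private-key operation */
    memset(block + 2, 0xFF, ps_len);
    block[2 + ps_len] = 0x00;
    memcpy(block + 3 + ps_len, data, len);
    return 0;
}

/* CKM_RSA_X509 (hypothetical helper name): no formatting, only leading zeros
 * so the data fills k bytes. Returns -1 if the data exceeds the modulus size. */
int raw_rsa_block(const unsigned char *data, size_t len,
                  unsigned char *block, size_t k)
{
    if (len > k)
        return -1;
    memset(block, 0x00, k - len);
    memcpy(block + (k - len), data, len);
    return 0;
}

int main(void)
{
    unsigned char digest_info[35], block[128];   /* RSA-1024: k = 128 */
    memcpy(digest_info, SHA1_DIGESTINFO_PREFIX, 15);
    memset(digest_info + 15, 0xAB, 20);          /* constructed stand-in hash */
    if (pkcs1_v15_sign_pad(digest_info, sizeof digest_info, block, sizeof block))
        return 1;
    for (size_t i = 0; i < sizeof block; i++)
        printf("%02x%s", block[i], (i % 16 == 15) ? "\n" : "");
    return 0;
}
```

The formatted block is the input to the token's private-key operation; an input that is already 128 bytes long fails the length check in `pkcs1_v15_sign_pad` for a 1024-bit key.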
