Mathieu Malaterre wrote, On 2009-04-29 13:37: > Hi there, Hi Mathieu, Welcome to dev-tech-crypto. You can expect replies here in 24-48 hours after you post.
> I need to encrypt some content in an Enveloped-data content type of > the cryptographic message syntax defined in RFC 2630/3369/3852. > Quoting the exacts word from the DICOM specification: > ... > The encoding is based on the Enveloped-data Content Type of the > Cryptographic Message Syntax defined in RFC 2630. NSS's CMS library is the one used in Thunderbird's S/MIME implementation. That library and associated utility program claim conformance to RFC 2630. They do not claim conformance to the two newer RFCS you cited, 3369 & 3852. > [snip] > I was then suggested NSS and in particular the cmsutil cmd line tool. Yes. In your message to sci.crypt, you mentioned RFC 2630, but not the other two RFCs. > Before investing too much time in yet-another crypto library, could > someone please let me know: > > 1. Is cmsutil the right tool for me ? That depends on your requirements and objectives. If your requirements can be satisfied with the features of RFC 2630, then the answer may be yes, but if you require features not found in RFC 2630 but only found in the later RFCs you cited, then at this time the answer is no. > 2. In the longer term, I will need to decode file such as the one I > sent on openssl mailing list (**), does NSS support this kind of file ? > (**) http://www.mail-archive.com/openssl-us...@openssl.org/msg56902.html The file shown there uses Password Based Encryption features of RFC 3369 and RFC 3211, which are not supported by NSS at this time. (BTW, RFC 3211 wasn't in your list.) NSS 3.12 offers the low level PBKDF2 functions, but that support has not been integrated into NSS's CMS library, libSMIME, AFAIK. (Bob, feel free to correct me if I'm mistaken about that) If you absolutely must have password-based encryption of S/MIME messages, then NSS cannot help you at this time. But if you are able to use public keys for key transport, as provided in RFC 2630, then NSS can help you. > Thanks *a lot* for your time, > -Mathieu Regards, /Nelson -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
