Nelson B Bolyard wrote:
The PBE support in the cms library is incomplete. It is missing the following:2. In the longer term, I will need to decode file such as the one I sent on openssl mailing list (**), does NSS support this kind of file ? (**) http://www.mail-archive.com/openssl-us...@openssl.org/msg56902.htmlThe file shown there uses Password Based Encryption features of RFC 3369 and RFC 3211, which are not supported by NSS at this time. (BTW, RFC 3211 wasn't in your list.) NSS 3.12 offers the low level PBKDF2 functions, but that support has not been integrated into NSS's CMS library, libSMIME, AFAIK. (Bob, feel free to correct me if I'm mistaken about that)
1) The PBE recipient info oid would have to be added to cmsrecinfo.c, along with some way of passing in the password. (actually the only need would be to generate a fake key and add the password, CMS will already handle PBE encrypted blocks properly if the password can be supplied).
2) Probably some interface changes to allow that password to be set (maybe as simple as setting it on the appropriate cms_info structure). If full PKCS 5v2 is needed on the creation side, there will need to be a new interface for that (decrypt is already handled properly).
3) Testing.Short answer cmsutil certainly wont' decrypt PBE encrypted data without some extra work. This work would certainly be accepted, if done properly (probably means a callback to get the password, which would allow thunderbird to automatically start handling PBE data).
bob
If you absolutely must have password-based encryption of S/MIME messages, then NSS cannot help you at this time. But if you are able to use public keys for key transport, as provided in RFC 2630, then NSS can help you.Thanks *a lot* for your time, -MathieuRegards, /Nelson
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
