Hi Robert, Thanks for the reply.
> ...I'm assuming we are talking > about an RSA operation here and not an symetric key operation like AES or > DES. Yes RSA. > Yes, I just checked. We we are unwrapping a key (which is what the logical > function RSA Decrypt supports), We check to see if the token support > unwrap with the target mechanism.... We do support the "Unwrap" function and the sequence of function calls in my original mail is steps after a successful unwrap. I guess thunderbird now wants to use the unwrapped key to decrypt the email. So the question remains: Why if C_DecryptUpdate() is called, is C_DecryptFinal() not called? If there is only one block then C_Decrypt() should have been called - right? We do implement C_Decrypt(), C_DecryptUpdate() and C_DecryptFinal() (we have to support PKCS#11 v2.2 and up). I've verified that the order of the functions (in CK_FUNCTION_LIST) is correct. C_Sign() works, which is define after C_DecryptFinal(). Regards, LJB -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto