Patrick wrote: > Another thing: if I want to specify a PBE algo for my key generation and I > want to use the algo with OID = > SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC > but JSS' PBEAlgorithm class gives me only PBE_SHA1_DES3_CBC, which is a > little vague because it could map to: > SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, or > SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC, or > SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC. > Which is it?
http://lxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/crypto/PBEAlgorithm.java#123 The first one, which seems to be what you want to use. > Also if I want to use the fromOID method in PBEAlgorithm, how do I build the > required OBJECT_IDENTIFIER object from just the name > SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC? I need at least the > corresponding OID *numbers* but can I find them in JSS (I suppose I could > pull them from the PKCS#12 spec but if there's a easier way...)? You're kidding. Grabbing the spec takes less time than composing a newsgroup message. http://www.rsa.com/rsalabs/PKCS/pkcs-12/index.html . The fromOID() method is intended for when you are decoding an object that may have been encrypted with any of several algorithms, and you don't know which until runtime. So, your code has to decide dynamically which algorithm to use. Think, for example, of an encrypted object in PKCS #12. The blob has an AlgorithmIdentifier object which contains the OID of the encryption algorithm. You feed that OID into fromOID() to get the algorithm to use for decryption. But you are doing something different. You know the algorithm at compile time, and you are trying to construct an OID by hand in order to select a PBEAlgorithm. This is not the intended use. You should use the constants defined in PBEAlgorithm to specify your algorithm.
