Julien Regibeau wrote: > > Hello, > > I'm using NSS 3.2 and I'd like to know if the bulk encryption algorithm is > Triple DES Three Keys for PKCS #7 and for SSL. > > Thanks
I'm not sure whether you're asking a) how to know if it's using triple-DES or some other algorithm, or b) whether triple DES uses 3 keys, or only 2 keys. NSS's triple DES uses 3 keys in EDE configuration, and CBC with a single IV. 2-key behavior can be achieved by providing the same key value for the first and third keys. SSL does not do that. SSL uses 3 separate keys. To inquire about the algorithm that was negotiated on an SSL socket, you use the functions SSL_GetChannelInfo and SSL_GetCipherSuiteInfo declared in http://lxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl.h#435 I don't know the answers for S/MIME. -- Nelson B
