I have found the answer! The message NS encrypts is "known crypto message". My error is that my smartcard RSA engine is big-endian, so the public key and the encrypted message need to be built in big-endian before being sent to the smartcard.

"pingzhenyu" <[EMAIL PROTECTED]> wrote in message news:at6puc$[EMAIL PROTECTED]
> Thank you very much!
>
> How can I call a function in the softoken3?
> When I call C_Initialize, how can I set the pk11_parameters?
>
> I don't know why the test failed at the DECRYPT step. I generate the key pair using
> the smartcard RSA engine,
> so the newly generated key pair will be considered valid.
>
> NS will use C_GetAttributeValue to get the public key. It will use this
> public key to encrypt the message
> and send me the result to decrypt, but I can't get the right value.
>
> When I send the public key to NS, must I do padding or a completed valid block?
> Built in big-endian on a little-endian computer?
>
> If the public key is:
>
> 64 f6 46 3a 97 2e 83 38
> 09 57 43 cb ca 41 59 0d
> 03 35 d6 e4 36 6f 2c fc
> 63 43 95 c4 fd e2 c4 ed
> 06 da 9a 21 98 fc 0a 6e
> 3f 1c ad 3a db 7c 83 2f
> 14 d0 58 80 02 df dc 96
> 70 09 00 e3 5b bd 2b 45
>
> What does NS need done?
>
> Does NS set the completed encrypted block?
>
> 2a 5c ce fa 60 d4 78 38
> 62 bb f1 c9 c2 df 2b a8
> 10 04 00 05 05 02 0d f7
> 86 48 86 2a 08 06 0c 30
> 20 30 00 ff ff ff ff ff
> ff ff ff ff ff ff ff ff
> ff ff ff ff ff ff ff ff
> ff ff ff ff ff ff 01 00
>
> "Nelson B. Bolyard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > After generating a key pair, mozilla tests the key pair to ensure that it
> > works before considering it valid and using it.
> >
> > If the newly generated private key has the CKA_DECRYPT attribute set,
> > mozilla will encrypt some data with the public key and then attempt to
> > decrypt it on your token with the newly generated private key. If that
> > fails, mozilla will treat the newly generated key pair as invalid.
> > I think your test failed at this step. If a module does not implement
> > C_DecryptInit then it should not set the CKA_DECRYPT attribute on any
> > generated private key.
> >
> > If the newly generated private key has the CKA_SIGN attribute set, mozilla
> > will attempt to sign some data using the new private key, and then will
> > attempt to verify the signature using the public key. If that fails,
> > then the newly generated key pair will be considered invalid.
> >
> > Only after these steps succeed will mozilla consider the new key pair valid.
> >
> > Note that mozilla will typically NOT use an external token to do the public
> > key operations, but rather will get the generated public key value and do
> > the public key operations in NSS's built-in PKCS 11 token.
> >
> > --
> > Nelson Bolyard Netscape
> > Disclaimer: I speak for myself, not for Netscape

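Added example, not part of the original thread and not NSS or token vendor code: a byte-order check a token implementer can run on a buffer before handing it to the RSA engine. It uses the second dump from the quoted question as sample input; read last byte first, that dump has the PKCS#1 v1.5 layout 00 01 FF..FF 00 payload, and PKCS#11 passes big integers such as CKA_MODULUS most-significant byte first. The function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example; function names are hypothetical. Sample input: the second
 * dump from the quoted question, bytes in the order they were posted. */
static const unsigned char posted_block[64] = {
    0x2a,0x5c,0xce,0xfa,0x60,0xd4,0x78,0x38,0x62,0xbb,0xf1,0xc9,0xc2,0xdf,0x2b,0xa8,
    0x10,0x04,0x00,0x05,0x05,0x02,0x0d,0xf7,0x86,0x48,0x86,0x2a,0x08,0x06,0x0c,0x30,
    0x20,0x30,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x01,0x00
};

/* Copy src into dst with the byte order reversed. */
void reverse_copy(unsigned char *dst, const unsigned char *src, size_t len)
{
    for (size_t i = 0; i < len; i++) dst[i] = src[len - 1 - i];
}

/* Parse an MSB-first PKCS#1 v1.5 block: 00 || BT || PS || 00 || payload.
 * Returns the block type (1 or 2) and sets *payload_off, or -1 if malformed. */
int pkcs1_v15_parse(const unsigned char *em, size_t len, size_t *payload_off)
{
    size_t i = 2;
    if (len < 11 || em[0] != 0x00 || (em[1] != 0x01 && em[1] != 0x02))
        return -1;
    for (; i < len && em[i] != 0x00; i++)
        if (em[1] == 0x01 && em[i] != 0xff) return -1; /* type 1 PS is all FF */
    if (i == len || i - 2 < 8) return -1; /* no separator, or PS under 8 bytes */
    *payload_off = i + 1;
    return em[1];
}

/* Returns 0 if in is already MSB-first, 1 if it was LSB-first (out holds the
 * reversed copy), -1 if neither order is a well-formed block. */
int normalize_to_big_endian(const unsigned char *in, size_t len,
                            unsigned char *out, size_t *payload_off)
{
    memcpy(out, in, len);
    if (pkcs1_v15_parse(out, len, payload_off) > 0) return 0;
    reverse_copy(out, in, len);
    return pkcs1_v15_parse(out, len, payload_off) > 0 ? 1 : -1;
}

int main(void)
{
    unsigned char be[64]; size_t off = 0;
    int order = normalize_to_big_endian(posted_block, sizeof posted_block, be, &off);
    printf("order=%d block_type=%d payload_offset=%zu\n", order, be[1], off);
    return 0;
}
```

The same check applied to the output of a private-key operation on the token shows at a glance whether the engine and the host disagree on byte order.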