Nelson B wrote: ... > > pk11_backupGetSignLength only works with keys that have the CKA_SIGN > attribute set to TRUE. Consequenly, one would expect it would fail > with many decryption private keys. I'm pretty sure that's why NSS > doesn't attempt to call pk11_backupGetSignLength in the > encrypt/decrypt case. > ...
NSS executes the encrypt/decrypt test branch only if the key has
CKA_DECRYPT set to TRUE. With test mechanism CKM_RSA_PKCS the module
would do the padding and an C_Encrypt call in 'pk11_backupGetEncryptLength' would give back the length that NSS is looking for. Isn't it?
Cheers
Martin
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
