Re: gnome-keyring Secrets dbus api
- From: Stef Walter <stefw collabora co uk>
- To: Florian Eitel <feitel indeedgeek de>, "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Subject: Re: gnome-keyring Secrets dbus api
- Date: Sat, 04 Dec 2010 13:23:45 -0600
On 2010-11-30 07:11, Florian Eitel wrote:
> Am Wed, 24 Nov 2010 23:31:47 -0600
> schrieb Stef Walter <stefw gnome org>:
>>> But now I have a 1024 bit
>>> secret and doesn't know how to generate my 128 Bit AES key. I tried
>>> to read your code but I doesn't understand the whole pkcs thing.
>>> With the 128 bit key and the IV in each message it should be
>>> possible to encrypt the transferred secret. I'am hoping for some
>>> hint.
>
>> I believe in the case of DH we truncate the resulting key to the
>> appropriate length. This is what we do in gnome-keyring. I'd like to
>> double check that this is the correct thing to do.
>
> In File gck-session.c, line 1678:
>
> return (args->base.pkcs11->C_DeriveKey) (args->base.handle,
> (CK_MECHANISM_PTR)&(args->mechanism),
> args->key, attrs, n_attrs, &args->derived);
>
> I think this doesn't looks like a simple truncate. But perhaps I'am
> wrong.
Internally in the DH derive key mechanism does a truncate when the
resulting key size requested from the operation is smaller than the one
generated by the DH algorithm. This is apparently not the right thing to do.
There's more discussion about this going on on the
authentication lists freedesktop org mailing list.
Truncation in question happens in the pkcs11 module. But an simpler
place to look at the behavior may be in libgnome-keyring [1].
Does that help?
Cheers,
Stef
[1] http://git.gnome.org/browse/libgnome-keyring/tree/egg/egg-dh.c#n345
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
