[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] Re: limitation in bouncy castle
From:       Tomas Gustavsson <tomasg () primekey ! se>
Date:       2008-02-27 8:45:54
Message-ID: 47C52342.7030405 () primekey ! se
[Download RAW message or body]


Perhaps I am missunderstanding everything, but I'll at least explain 
what I mean with crypto middle-ware below.

With regards to your problem perhaps you can post the code that 
generates the keys and the pkcs12 that fails to import in windows?
I have never had any problems using 1024, 2048 or even 4096 bit RSA keys 
in pkcs12 files in windows (although I prefer to use GNU/Linux).
It was RSA keys right?

Crypto-middleware:
When you use a piece of cryptographic hardware such as:
- A smart card
- A Hardware Security Module (HSM) like nCipher, SafeNet Luna, etc.
The private key is stored in the hardware and can not be copied to the 
computer. All cryptographic operations involving the private key is done 
in the piece of cryptographic hardware.
So if you use Java the crypto middle-ware usually show up as a JCE 
Provider which you can use, or a PKCS#11 library that you can use with 
the PKCS#11 Provider build into every JDK >= 1.5.
When you get a PrivateKey object from such a provider you can not write 
that private key to a file and import it somewhere else, because the 
PrivateKey object is just a reference to the internal private key inside 
the crypto hardware. This is why you call decrypt functions in BC with a 
provider argument, so the BC api actually passes the PrivateKey object 
to the middle-ware provider where the actually cryptographic operation 
is taking place.

As I said, maybe this has nothing to do with your case, but since you 
mentioned crypto hardware I though of this possibility.

Regards,
Tomas

Ayman wrote:
> Hello All,
> 
>  
> 
> Yes, I changed the public key exponent from a small one to a large one 
> then the problem appears.
> 
>  
> 
> With respect to "crypto middle-ware" I don't know really what is it?
> 
> Is it really important when using large public key exponents?
> 
>  
> 
> Thanks so much
> 
> Ayman
> 

[prev in list] [next in list] [prev in thread] [next in thread]