www.Go4Support.com    forums.go4support.com    Forums  Hop To Forum Categories  Hardware  Hop To Forums  eToken    Encrypt fails with rc=33
Go
New
Find
Notify
Tools
Reply
  
-star Rating Rate It!  Login/Join 
urgestein
Picture of urgestein
Posted
Hi @all,
I am using eToken PRO to encrypt/decrypt datablock using RSA 1024. Beyond 117 byte data length I always get rc=33, CKR_DATA_LEN_RANGE. I would have expected that encryption works up to 128 bytes, with first bit zero.

Any suggestion/explanation/hint?

Text Filetrace.txt (2 KB, 8 downloads) Sample showing problem
 
Posts: 1 | Registered: 26 October 2007Reply With QuoteReport This Post
sharad
Picture of sharad
Posted Hide Post
Dear Sir
In order to troubleshoot the issue we would like to know the following:
1. Which RTE or PKI client are you using ?
2. How are you communitcation with the eToken ? using PKCS#11 ? CAPI ?
3. Please send us the relevant subset of the code you are using in order to encrypt / decrypt.
4. Please share with us any other information you may have regarding the scenario.
 
Posts: 64 | Registered: 17 May 2007Reply With QuoteReport This Post
sharad
Picture of sharad
Posted Hide Post
Please see the below paragraph from Microsoft:

If a large amount of data is to be encrypted, it can be done in sections by calling CryptEncrypt repeatedly. The Final parameter is set to TRUE on the last call to CryptEncrypt so that the encryption engine can properly finish the encryption process. The following extra actions are performed when Final is TRUE:
· If the key is a block cipher key, the data is padded to a multiple of the block size of the cipher. To find the block size of a cipher, use CryptGetKeyParam to get the KP_BLOCKLEN value of the key.
· If the cipher is operating in a chaining mode, the next CryptEncrypt operation resets the cipher's feedback register to the KP_IV value of the key.
· If the cipher is a stream cipher, the next CryptEncrypt resets the cipher to its initial state.
The Microsoft Enhanced Cryptographic Provider supports direct encryption with RSA public keys and decryption with RSA private keys. The encryption uses PKCS #1 Type 2 padding. On decryption, this padding is verified. The length of plaintext data that can be encrypted with a call to CryptEncrypt with an RSA key is the length of the key modulus minus eleven bytes. The eleven bytes is the chosen minimum for PKCS #1 padding. The ciphertext is returned in little-endian format.
Windows NT, Windows Me/98/95: The Microsoft Enhanced Cryptographic Provider is not available.

1024/8 = 128 bytes - 11 bytes = 117 bytes

Please let me know if there are any further questions,
 
Posts: 64 | Registered: 17 May 2007Reply With QuoteReport This Post
  Powered by Social Strata  
 

www.Go4Support.com    forums.go4support.com    Forums  Hop To Forum Categories  Hardware  Hop To Forums  eToken    Encrypt fails with rc=33