diff options
-rw-r--r-- | base/common/python/pki/crypto.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py index 7f0384658..edb32c044 100644 --- a/base/common/python/pki/crypto.py +++ b/base/common/python/pki/crypto.py @@ -325,9 +325,17 @@ class NSSCryptoProvider(CryptoProvider): :param nonce_iv Nonce data :return: Unwrapped data - Return unwrapped data for data wrapped using AES KeyWrap + Return unwrapped data for data that has been keywrapped. + For NSS, we only support 3DES - so something that has been + keywrapped can be decrypted. This is precisely what we used + to do before. """ - raise NotImplementedError() + return self.symmetric_unwrap( + data, + wrapping_key, + mechanism=nss.CKM_DES3_CBC_PAD, + nonce_iv=nonce_iv + ) def get_cert(self, cert_nick): """ |