Paul Santapau Nebot wrote:
First of all thank you for your help Bob, I've read reference you told me but I have already had two problems that I think are in relation. The first one is that when I install my pkcs11 module from a JavaScript with PKCS11_PUB_READABLE_CERT_FLAG flag, the certificates token stores appear on Firefox like certificates for others it is like Firefox doesn't know it can access private keys when loggin.In order for you to use PKCS11_PUB_READABLE_CERT_FLAG, not only does the cert have to be publically readable, but you must have a public key installed with the same CKA_ID as the cert and private key. NSS uses this as the hint that you have the corresponding private key. Otherwise NSS cannot tell if the particular cert is a 'user' cert or not.
The second problem is related with my token capabilities, it is able to sign (basically mechanism implements CK_RSA_PKCS and when I try to authenticate against a server using signature, Firefox still doesn't ask me for the password and the authentication fails.Same problem as above. If NSS only lets to sign with user certs. If NSS does not know the cert is a user cert, it won't even try it for signing.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
