Hi,

My PKCS#11 module is testing SSL Client Auth operation with CaCert.org. Since the Root CA cert of CaCert.org is not inside CaCert.org, during token login, I would like to have the Root CA cert inserted into the Firefox cert store under "Authorities". In other words, storing the certificate chain in the token. In this case, only the Root CA cert and the client cert. However, I have tried so many different attempts, and I still failed to do so.

Attached is a PKCS#11 call log file. All I did was log in to my token from the Firefox Certificate Manager. Currently, the log file only reflects the log from a "soft token". In the log, I did respond to CKA_NETSCAPE_TRUST with the following attributes:

CKA_TRUST_SERVER_AUTH = CKT_NETSCAPE_TRUSTED
CKA_TRUST_CLIENT_AUTH = CKT_NETSCAPE_TRUSTED_DELEGATED
CKA_TRUST_EMAIL_PROTECTION = CKT_NETSCAPE_TRUSTED
CKA_TRUST_CODE_SIGNING = CKT_NETSCAPE_TRUSTED
CKA_TRUST_STEP_UP_APPROVED = FALSE

Thanks,
Oscar

*************** OpenSC PKCS#11 spy - ikpkcs11-0.0.1 *****************
Loaded: "C:\WINNT\system32\ikpkcs11.dll"

0: C_GetFunctionList Returned: 0 CKR_OK
1: C_Initialize Returned: 0 CKR_OK
2: C_GetInfo cryptokiVersion: 2.1 manufacturerID: 'Unknown, Inc. ' flags: 0 libraryDescription: 'Unknown PKCS#11 Library ' libraryVersion: 0.6 Returned: 0 CKR_OK
3: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
4: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Slot 0 [out] *pulCount = 0x1 Returned: 0 CKR_OK
5: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 0.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
6: C_GetTokenInfo [in] slotID = 0x0 [out] pInfo: label: 'IronKey PKCS#11 ' manufacturerID: 'IronKey, Inc. ' model: 'IronKey PKCS#11 ' serialNumber: '0000000000000000' ulMaxSessionCount: 100 ulSessionCount: 0 ulMaxRwSessionCount: 100 ulRwSessionCount: 0 ulMaxPinLen: 32 ulMinPinLen: 32 ulTotalPublicMemory: 0 ulFreePublicMemory: 0 ulTotalPrivateMemory: 0 ulFreePrivateMemory: 0 hardwareVersion: 0.0 firmwareVersion: 0.94 time: ' ' flags: d CKF_RNG CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED Returned: 0 CKR_OK
7: C_GetMechanismList [in] slotID = 0x0 [out] pMechanismList[4]: Count is 4 Returned: 0 CKR_OK
8: C_GetMechanismList [in] slotID = 0x0 [out] pMechanismList[4]: CKM_RSA_PKCS_KEY_PAIR_GEN CKM_RSA_PKCS CKM_RSA_X_509 CKM_SHA_1 Returned: 0 CKR_OK
9: C_OpenSession [in] slotID = 0x0 [in] flags = 0x4 pApplication=02D24300 Notify=6017DC40 [out] *phSession = 0x2 Returned: 0 CKR_OK
10: C_GenerateRandom [in] hSession = 0x2 Returned: 84 CKR_FUNCTION_NOT_SUPPORTED
11: C_SeedRandom [in] hSession = 0x2 [in] pSeed[ulSeedLen] [size : 0x20 (32)] 89478CC0 BAF57AA3 93645C18 122478F4 6052A597 F36DC48D 581B81FB D645E732 Returned: 84 CKR_FUNCTION_NOT_SUPPORTED
12: C_FindObjectsInit [in] hSession = 0x2 [in] pTemplate[1]: CKA_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST Returned: 0 CKR_OK
13: C_FindObjects [in] hSession = 0x2 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x0 Returned: 0 CKR_OK
14: C_FindObjectsFinal [in] hSession = 0x2 Returned: 0 CKR_OK
15: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 96.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
16: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_PUBLIC_SESSION' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
17: C_WaitForSlotEvent Returned: 84 CKR_FUNCTION_NOT_SUPPORTED
18: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
19: C_WaitForSlotEvent Returned: 84 CKR_FUNCTION_NOT_SUPPORTED
20: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
21: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
22: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
23: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_PUBLIC_SESSION' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
24: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_PUBLIC_SESSION' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
25: C_Login [in] hSession = 0x2 [in] userType = CKU_USER [in] pPin[ulPinLen] EMPTY Returned: 0 CKR_OK
26: C_GetMechanismList [in] slotID = 0x0 [out] pMechanismList[4]: Count is 4 Returned: 0 CKR_OK
27: C_GetMechanismList [in] slotID = 0x0 [out] pMechanismList[4]: CKM_RSA_PKCS_KEY_PAIR_GEN CKM_RSA_PKCS CKM_RSA_X_509 CKM_SHA_1 Returned: 0 CKR_OK
28: C_FindObjectsInit [in] hSession = 0x2 [in] pTemplate[2]: CKA_TOKEN True CKA_CLASS CKO_CERTIFICATE Returned: 0 CKR_OK
29: C_FindObjects [in] hSession = 0x2 [in] ulMaxObjectCount = 0x10 [out] ulObjectCount = 0x0 Returned: 0 CKR_OK
30: C_FindObjectsFinal [in] hSession = 0x2 Returned: 0 CKR_OK
31: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
32: C_FindObjectsInit [in] hSession = 0x2 [in] pTemplate[2]: CKA_TOKEN True CKA_CLASS CKO_NETSCAPE_TRUST Returned: 0 CKR_OK
33: C_FindObjects [in] hSession = 0x2 [in] ulMaxObjectCount = 0xa [out] ulObjectCount = 0x1 Object 3 Matches Returned: 0 CKR_OK
34: C_FindObjectsFinal [in] hSession = 0x2 Returned: 0 CKR_OK
35: C_GetAttributeValue [in] hSession = 0x2 [in] hObject = 0x3
    [in] pTemplate[2]:
      CKA_TOKEN requested with 0 buffer
      CKA_LABEL requested with 0 buffer
    [out] pTemplate[2]:
      CKA_TOKEN has size 1
      CKA_LABEL has size 28
    Returned: 0 CKR_OK
36: C_GetAttributeValue [in] hSession = 0x2 [in] hObject = 0x3
    [in] pTemplate[2]:
      CKA_TOKEN requested with 1 buffer
      CKA_LABEL requested with 28 buffer
    [out] pTemplate[2]:
      CKA_TOKEN True
      CKA_LABEL [size : 0x1C (28)] 43416365 72742057 6F542055 73657227 7320526F 6F742043 41204944 C A c e r t . W o T . U s e r ' s . R o o t . C A . I D
    Returned: 0 CKR_OK
37: C_GetAttributeValue [in] hSession = 0x2 [in] hObject = 0x3
    [in] pTemplate[11]:
      CKA_CLASS requested with 0 buffer
      CKA_TOKEN requested with 0 buffer
      CKA_LABEL requested with 0 buffer
      CKA_CERT_SHA1_HASH(Netsc) requested with 0 buffer
      CKA_CERT_MD5_HASH(Netsc) requested with 0 buffer
      CKA_ISSUER requested with 0 buffer
      CKA_SUBJECT requested with 0 buffer
      CKA_TRUST_SERVER_AUTH(Netsc) requested with 0 buffer
      CKA_TRUST_CLIENT_AUTH(Netsc) requested with 0 buffer
      CKA_TRUST_EMAIL_PROTECTION(Netsc) requested with 0 buffer
      CKA_TRUST_CODE_SIGNING(Netsc) requested with 0 buffer
    [out] pTemplate[11]:
      CKA_CLASS has size 4
      CKA_TOKEN has size 1
      CKA_LABEL has size 28
      CKA_CERT_SHA1_HASH(Netsc) has size 20
      CKA_CERT_MD5_HASH(Netsc) has size 16
      CKA_ISSUER has size 120
      CKA_SUBJECT has size 120
      CKA_TRUST_SERVER_AUTH(Netsc) has size 4
      CKA_TRUST_CLIENT_AUTH(Netsc) has size 4
      CKA_TRUST_EMAIL_PROTECTION(Netsc) has size 4
      CKA_TRUST_CODE_SIGNING(Netsc) has size 4
    Returned: 0 CKR_OK
38: C_GetAttributeValue [in] hSession = 0x2 [in] hObject = 0x3
    [in] pTemplate[11]:
      CKA_CLASS requested with 4 buffer
      CKA_TOKEN requested with 1 buffer
      CKA_LABEL requested with 28 buffer
      CKA_CERT_SHA1_HASH(Netsc) requested with 20 buffer
      CKA_CERT_MD5_HASH(Netsc) requested with 16 buffer
      CKA_ISSUER requested with 120 buffer
      CKA_SUBJECT requested with 120 buffer
      CKA_TRUST_SERVER_AUTH(Netsc) requested with 4 buffer
      CKA_TRUST_CLIENT_AUTH(Netsc) requested with 4 buffer
      CKA_TRUST_EMAIL_PROTECTION(Netsc) requested with 4 buffer
      CKA_TRUST_CODE_SIGNING(Netsc) requested with 4 buffer
    [out] pTemplate[11]:
      CKA_CLASS CKO_NETSCAPE_TRUST
      CKA_TOKEN True
      CKA_LABEL [size : 0x1C (28)] 43416365 72742057 6F542055 73657227 7320526F 6F742043 41204944 C A c e r t . W o T . U s e r ' s . R o o t . C A . I D
      CKA_CERT_SHA1_HASH(Netsc) [size : 0x14 (20)] 7689CBF6 EC3BC44E 7485D4ED 080D18FE 75AC5932
      CKA_CERT_MD5_HASH(Netsc) [size : 0x10 (16)] 8211286E 676C3C10 1650814D 8775E479
      CKA_ISSUER [size : 0x78 (120)] 2F433D55 532F5354 3D43616C 69666F72 6E69612F 4C3D4C6F 7320416C 746F732F 4F3D4972 6F6E204B 65792F4F 553D4365 72746966 69636174 65205365 72766963 65732F43 4E3D546F 70204C65 76656C20 44656D6F 2043412F 656D6169 6C416464 72657373 3D6A7370 72696E67 4069726F 6E6B6579 2E636F6D
      CKA_SUBJECT [size : 0x78 (120)] 2F433D55 532F5354 3D43616C 69666F72 6E69612F 4C3D4C6F 7320416C 746F732F 4F3D4972 6F6E204B 65792F4F 553D4365 72746966 69636174 65205365 72766963 65732F43 4E3D546F 70204C65 76656C20 44656D6F 2043412F 656D6169 6C416464 72657373 3D6A7370 72696E67 4069726F 6E6B6579 2E636F6D
      CKA_TRUST_SERVER_AUTH(Netsc) True
      CKA_TRUST_CLIENT_AUTH(Netsc) True
      CKA_TRUST_EMAIL_PROTECTION(Netsc) True
      CKA_TRUST_CODE_SIGNING(Netsc) True
    Returned: 0 CKR_OK
39: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
40: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
41: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
42: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
43: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
44: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
45: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
46: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
47: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
48: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
49: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
50: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
51: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
52: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
53: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
54: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
55: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
56: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
57: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
58: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
59: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
60: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
61: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
62: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
63: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
64: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
65: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
66: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
67: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
68: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
69: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
70: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
71: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
72: C_GetSlotList [in] tokenPresent = 0x0 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK
73: C_GetSlotInfo [in] slotID = 0x0 [out] pInfo: slotDescription: 'CompanyName PKCS#11 SoftToken ' ' ' manufacturerID: 'CompanyName, Inc. ' hardwareVersion: 37.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK
74: C_GetSessionInfo [in] hSession = 0x2 [out] pInfo: slotID: 0 state: ' CKS_RO_USER_FUNCTIONS' flags: 0 ulDeviceError: 0 Returned: 0 CKR_OK
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
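
A way to triage a PKCS#11 spy log like the one attached to this message, added here as an example and not part of the original post or of any project's code: it counts what each C_FindObjects search returned per object class, and flags CKA_ISSUER/CKA_SUBJECT dumps that do not begin with 0x30, the DER SEQUENCE tag of an encoded name. SAMPLE is condensed from the log above; the function names are hypothetical, and the check assumes the trust object's names use the same DER encoding PKCS#11 specifies for certificate objects.

```python
import re

# Condensed from the spy log above: calls 28-33, plus call 38 cut down to the
# first 20 bytes of its CKA_ISSUER dump.
SAMPLE = """\
28: C_FindObjectsInit [in] hSession = 0x2 [in] pTemplate[2]: CKA_TOKEN True CKA_CLASS CKO_CERTIFICATE Returned: 0 CKR_OK
29: C_FindObjects [in] hSession = 0x2 [in] ulMaxObjectCount = 0x10 [out] ulObjectCount = 0x0 Returned: 0 CKR_OK
30: C_FindObjectsFinal [in] hSession = 0x2 Returned: 0 CKR_OK
32: C_FindObjectsInit [in] hSession = 0x2 [in] pTemplate[2]: CKA_TOKEN True CKA_CLASS CKO_NETSCAPE_TRUST Returned: 0 CKR_OK
33: C_FindObjects [in] hSession = 0x2 [in] ulMaxObjectCount = 0xa [out] ulObjectCount = 0x1 Object 3 Matches Returned: 0 CKR_OK
38: C_GetAttributeValue [in] hSession = 0x2 [in] hObject = 0x3 [out] pTemplate[11]: CKA_ISSUER [size : 0x78 (120)] 2F433D55 532F5354 3D43616C 69666F72 6E69612F
"""

# Either the class named in a C_FindObjectsInit template (bounded to that one
# call by stopping at "Returned:"), or a count returned by C_FindObjects.
FIND_RE = re.compile(
    r"C_FindObjectsInit\b(?:(?!Returned:).)*?CKA_CLASS (CKO_\w+)"
    r"|ulObjectCount = 0x([0-9a-fA-F]+)")
NAME_RE = re.compile(
    r"(CKA_ISSUER|CKA_SUBJECT) \[size : 0x[0-9A-Fa-f]+ \(\d+\)\] "
    r"((?:[0-9A-F]{2,8} ?)+)")


def find_results(log):
    """Map each searched CKA_CLASS to the number of objects the token returned."""
    text = " ".join(log.split())  # archived logs wrap calls at arbitrary points
    counts, current = {}, None
    for m in FIND_RE.finditer(text):
        if m.group(1):
            current = m.group(1)
            counts.setdefault(current, 0)
        elif current is not None:
            counts[current] += int(m.group(2), 16)
    return counts


def non_der_names(log):
    """Return (attribute, decoded text) for name dumps not starting with 0x30."""
    text = " ".join(log.split())
    flagged = []
    for attr, hexdump in NAME_RE.findall(text):
        raw = bytes.fromhex(hexdump.replace(" ", ""))
        if raw[:1] != b"\x30":
            flagged.append((attr, raw.decode("ascii", "replace")))
    return flagged


if __name__ == "__main__":
    print(find_results(SAMPLE))
    print(non_der_names(SAMPLE))
```

On this excerpt the certificate search returns no objects while the trust search returns one, and the issuer bytes decode as a slash-separated text string.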