Oscar So wrote:
Hi,

If my PKCS#11 module only supports CKM_RSA_PKCS_PSS padding (not even PKCS#1 padding), in C_GetMechanismList, should it just return the following CKMs:

CKM_RSA_PKCS_KEY_PAIR_GEN
CKM_RSA_PKCS_PSS
CKM_RSA_X_509
CKM_SHA_1

Since I am only returning these CKMs, Firefox does not recognize my PKCS#11 module at all. Any hints?

Exactly what do you mean by 'not recognize'? Does the module:

1) not load - (this should be some other issue than your mechanisms).
2) module loads, but certs aren't recognized (also not an issue with mechanisms).
3) can decrypt S/MIME messages or do SSL client auth. That is a problem with the mechanisms...

NSS (and thus Firefox) requires CKM_RSA_PKCS as that is what all the protocols it supports use (TLS, S/MIME). NSS uses CKM_RSA_X509 for ssl2 connections since ssl2 uses part of the PKCS #11 padding to encode rollback attack prevention info.

bob
Thank you very much!

Best,
Oscar

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
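
An added example, not code from this thread or from NSS: a module-side C_GetMechanismList that follows the PKCS #11 two-call convention and includes CKM_RSA_PKCS alongside the mechanisms from the question. It assumes the token really implements PKCS #1 v1.5 padding (a mechanism should only be listed if it works), a single slot with id 0, and minimal stand-in typedefs in place of the standard pkcs11.h; slot_has_mechanism is a hypothetical helper name.

```c
#include <stddef.h>
#include <string.h>
/* Minimal stand-ins for pkcs11.h so the example builds alone; a real module
   includes the standard headers. Numeric values are those of the PKCS #11 spec. */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID, CK_MECHANISM_TYPE;
#define CKR_OK                    0x000UL
#define CKR_SLOT_ID_INVALID       0x003UL
#define CKR_ARGUMENTS_BAD         0x007UL
#define CKR_BUFFER_TOO_SMALL      0x150UL
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x000UL
#define CKM_RSA_PKCS              0x001UL
#define CKM_RSA_X_509             0x003UL
#define CKM_RSA_PKCS_PSS          0x00DUL
#define CKM_SHA_1                 0x220UL

static const CK_MECHANISM_TYPE mechs[] = {
    CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS_PSS, CKM_RSA_X_509, CKM_SHA_1,
    CKM_RSA_PKCS, /* the mechanism the reply says NSS needs for TLS and S/MIME */
};
#define N_MECHS (sizeof mechs / sizeof mechs[0])

/* Assumption: the module exposes exactly one slot, with id 0. */
CK_RV C_GetMechanismList(CK_SLOT_ID slot, CK_MECHANISM_TYPE *list, CK_ULONG *count)
{
    if (count == NULL) return CKR_ARGUMENTS_BAD;
    if (slot != 0UL) return CKR_SLOT_ID_INVALID;
    if (list == NULL) {          /* first call: caller only asks for the size */
        *count = N_MECHS;
        return CKR_OK;
    }
    if (*count < N_MECHS) {      /* buffer too short: report the size needed */
        *count = N_MECHS;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(list, mechs, sizeof mechs);
    *count = N_MECHS;
    return CKR_OK;
}

/* Hypothetical caller-side check: does the slot advertise mechanism `want`? */
int slot_has_mechanism(CK_SLOT_ID slot, CK_MECHANISM_TYPE want)
{
    CK_MECHANISM_TYPE buf[16];
    CK_ULONG n = 16, i;
    if (C_GetMechanismList(slot, buf, &n) != CKR_OK) return 0;
    for (i = 0; i < n; i++) if (buf[i] == want) return 1;
    return 0;
}
```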