Why are you trying to recreate functionality that the smartcard vendor already provides you? If you ask for the PKCS11 driver, you can just add the module to Mozilla using the browser controls & then point the browser to your PKI (if it has a web-enrollment function). The browser will use the PKCS11 driver to pop-up a PIN prompt, generate the keys, create the CSR and submit it to the CA.
If you do not have a web-enrollment interface to your PKI, and/or you want more control over the keygen/CSR process, take a look at the open-source CSRTool. It allows you to generate key-pairs, create a CSR and then combine the keys and certificate into a P12 file. While CSRTool does not work with smartcards yet, you can extend the code using the SunPKCS11 bridge in the JDK. If you're looking for example code for that capability, you can find it in StrongKey, another open-source tool (Google for both of these). Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: Atha <[EMAIL PROTECTED]> Date: Wednesday, June 6, 2007 1:00 am Subject: smart card - pki - mozilla/firefox > Hello to all > We curently use an open+custom PKI that supports smartcards with > IE. Now we > want to extend our capabilities to support also smartcards in > mozilla > clients with PKCS#11. The functionality that we need is: > 1. key-pair generation ON PKCS#11 enabled smartcard > 2. Creation of the certificate request > 3. Load of the created certificate to the smartcard > > My main problem is that i have made a lot of effort to find out > which is the > best point to start? > I have already tried without success, due to inexpirience in java > and java > script programming and of the confusing (for my opinion) > information that i > have found on internet. > Mainly i have tried with JavaScript and the info from: > http://developer.mozilla.org/en/docs/JavaScript_crypto > For example: > 1. I get an error "Cannot load module" when i try to > "pkcs11.addmodule("gj","c:\..\settoki.dll",0,0) > 2. Even if i find out how to load the module i am not sure how to > syntax the > "FLAGS" in order to have keypair-generation ON/BY the smartcard > and not > mozilla and after that how to tell to crypto.generateCRMFRequest > to use > smartcard. > 3. the SmartCard has a PIN, how can i prompt for the PIN? .... > > I am tottaly confused ... :( > Thus, does anybody have sugestion, docs, example code, > guiedlines... even in > JAVA or C? > > Thank you very much in advanced > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
