(Note: follow-up to mozilla.dev.tech.crypto)
Ulf Leichsenring wrote:
> I have a problem importing multiple keys/certificates that are stored in
> PKCS#12 container files into Firefox (v.2.0.0.5) using a smartcard and
> the PKCS#11 library of this smartcard.
> After installing all the keys and certificates onto the smartcard all
> key and certificates have an identical CKA_LABEL. It is set to the
> CKA_LABEL of the first certificate installed. Very PKCS#12 container
> files (one for each key/certificate) has a different FriendlyName.
This surprises me, a little.
If you had written that you experience this behavior with NSS's own
built-in pure-software PKCS#11 module ("softoken") I would not have been
surprised. Softoken maps CKA_LABELs onto certificate subject names, so
all certificates with the same subject name have the same CKA_LABEL.
But I didn't think NSS would force that onto other PKCS#11 modules.
You wrote that you try to import PKCS#12 files using FireFox.
As an experiment, let me ask you to try doing the imports with NSS's
command line tool "pk12util" instead of with FireFox.
If it works (creates separate labels) with pk12util, but not with FireFox,
that will tell us that the problem is in PSM (part of FireFox) rather than
in NSS.
--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
