> This surprises me, a little.
>
> If you had written that you experience this behavior with NSS's own
> built-in pure-software PKCS#11 module ("softoken") I would not have been
> surprised. Softoken maps CKA_LABELs onto certificate subject names, so
> all certificates with the same subject name have the same CKA_LABEL.
> But I didn't think NSS would force that onto other PKCS#11 modules.
>
> You wrote that you try to import PKCS#12 files using FireFox.
> As an experiment, let me ask you to try doing the imports with NSS's
> command line tool "pk12util" instead of with FireFox.
> If it works (creates separate labels) with pk12util, but not with FireFox,
> that will tell us that the problem is in PSM (part of FireFox) rather than
> in NSS.
Hi Nelson
I tried the following with Softtoken as you asked. I created two
keypairs/certificates and exported them to PKCS#12.
Both certificates have set the "cn=Ulf Leichsenring" but have different
keyUsages (keyEncryption vs. digitalSignature).
The My-AUT-cert.p12 has a friendlyName of "Ulf Leichsenring (AUT)" and
the My-ENC-cert.p12 hat a friendlyName of "Ulf Leichsenring (ENC)".
First, I imported my AUT certificate into a new Softtoken using
# pk12util -i My-AUT-cert.p12 -d .
Then I imported my ENC cert using
# pk12util -i My-ENC-cert.p12 -d .
After that, I viewed the certificate store with
# certutil -L -d .
And it showed me two entries named
Ulf Leichsenring (AUT) u,u,u
Ulf Leichsenring (AUT) u,u,u
So it looks likes an error inside NSS to me. Anything I can do/test further?
Best regards
Ulf
--
Ulf Leichsenring
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
