> I understand your real concern is the ability to import the above two
> certs (and their private keys) into another module, other than softoken.
> I suggest you test that.  To do so, you need to add another command
> line argument to the pk12util lines above, the option "-h tokenname"
> where tokenname is the name of a token using your module, as reported
> by NSS's modutil program.

Hi Nelson

Thanks for your help. Now I did the following:

-----------snip------------------------

# Create new Certstore for testing
certutil -N -d .

# Add Siemens PKCS#11 module
modutil -add Siemens -libfile /usr/local/lib/libsiecap11.so -dbdir .

# List all modules
certutil -U -d .

     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB

     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services

     slot: OMNIKEY CardMan 4040 Socket 0 00 00
    token: Testcard


# add Certificates to Testcard via Siemens module
pk12util -i Ulf\ Leichsenring-AUT-cert.p12 -d . -h Testcard
Enter Password or Pin for "Testcard":
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL

pk12util -i Ulf\ Leichsenring-ENC-cert.p12 -d . -h Testcard
Enter Password or Pin for "Testcard":
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL

# List all imported Certificates on Testcard
certutil -L -d . -h Testcard
Enter Password or Pin for "Testcard":
Testcard:Ulf Leichsenring (AUT)                              u,u,u
Testcard:Ulf Leichsenring (AUT)                              u,u,u


# compare with the friendlyName inside the PKCS#12 container

# the AUT certificate
openssl pkcs12 -info -in Ulf\ Leichsenring-AUT-cert.p12 -nokeys
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
     localKeyID: 5A 6B 20 F9 71 6F 38 CD FE A9 EB 91 04 34 E5 D5 F3 F0 6A 16
     friendlyName: Ulf Leichsenring (AUT)
subject=/C=DE/O=Testcompany/CN=Ulf Leichsenring
issuer=/C=DE/O=Testcompany/CN=Testcompany AUT CA

# the ENC certificate
openssl pkcs12 -info -in Ulf\ Leichsenring-ENC-cert.p12 -nokeys
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
     localKeyID: 45 0A A6 DB 00 FA E2 7F 09 B4 C6 4A F1 CC 8F 7F 0F 69 E4 5D
     friendlyName: Ulf Leichsenring (ENC)
subject=/C=DE/O=Testcompany/CN=Ulf Leichsenring
issuer=/C=DE/O=Testcompany/CN=Testcompany ENC CA

-----------snip------------------------

Even if I import the two PKCS#12 files to the token, the CKA_LABEL is
set wrong. Both keys/certificates have it set to "... (AUT)" because
this was the first imported certificate.


Best regards
Ulf


-- 
Ulf Leichsenring
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
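
Added example, not part of the original message: a shell check that compares the friendlyName values in the PKCS#12 files with the nicknames `certutil -L` lists for the token, so a label collision like the one reported above is flagged after import. The function names are hypothetical, and the sample input is copied from the transcript in this message.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not NSS or OpenSSL tools.

# friendlyName values from `openssl pkcs12 -info -nokeys` output on stdin.
p12_friendly_names() {
    sed -n 's/^[[:space:]]*friendlyName:[[:space:]]*//p'
}

# Nicknames for token $1 from `certutil -L -h <token>` output on stdin:
# keep "<token>:" lines, drop that prefix and the trailing trust flags.
token_nicknames() {
    awk -v p="$1:" 'index($0, p) == 1 {
        s = substr($0, length(p) + 1)
        sub(/[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/, "", s)
        print s
    }'
}

# $1 = expected labels, $2 = token nicknames (one per line each).
# Prints a finding per problem; prints nothing when the two agree.
label_findings() {
    printf '%s\n' "$1" | while IFS= read -r want; do
        [ -n "$want" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$want" || echo "MISSING: $want"
    done
    printf '%s\n' "$2" | sort | uniq -d | sed 's/^/DUPLICATE: /'
}

# Sample input copied from the transcript in the message above.
P12_INFO='     friendlyName: Ulf Leichsenring (AUT)
subject=/C=DE/O=Testcompany/CN=Ulf Leichsenring
     friendlyName: Ulf Leichsenring (ENC)
subject=/C=DE/O=Testcompany/CN=Ulf Leichsenring'
CERTUTIL_L='Testcard:Ulf Leichsenring (AUT)                              u,u,u
Testcard:Ulf Leichsenring (AUT)                              u,u,u'

check_sample() {
    want=$(printf '%s\n' "$P12_INFO" | p12_friendly_names)
    have=$(printf '%s\n' "$CERTUTIL_L" | token_nicknames Testcard)
    label_findings "$want" "$have"
}

check_sample
```

Against a real token, pipe the live `openssl pkcs12 -info -nokeys` and `certutil -L -d . -h Testcard` output into the two extractors instead of the embedded sample.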
