On 8/16/2010 8:51 PM, Matej Kurpel wrote:
Hello,
I need to force authentication on the device everytime a sign
operation is requested from my PKCS#11 library. From the
specification, I understood that there is a flag
CKA_ALWAYS_AUTHENTICATE of the private key which should be set to
TRUE. However, NSS does not request the value of this attribute
anywhere so I have no way of telling it that in order to use the key,
C_Login needs to be called with user type CKU_CONTEXT_SPECIFIC.
I did some google research and found out that currently NSS does not
support any of these features (but the posts were quite older). My
question is; is the described behavior still unsupported? If yes, are
there any possibilities to achieve at least similar effect?
Thanks,
M. Kurpel
The work started a time ago in bug
https://bugzilla.mozilla.org/show_bug.cgi?id=357025, unfortunately now
the patch is quit old and I don't see it could be finished soon. Feel
free to contact me, if you would like to contribute, I have some updated
patches on my local disk, but still far from a complete implementation.
-hb-
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
