Hello,
I am developing a PKCS#11 module to be used with Thunderbird. However, I
have trouble providing a valid signature for e-mails. The mechanism used
is CKM_RSA_PKCS and I have a 1024bit private key along with the
certificate, stored on the token. The signature is generated in a C#
.NET CF program running on the device, using this piece of code:
RSACryptoServiceProvider rsa =
PKCS11Library.TryLoadPK(Encoding.ASCII.GetString(keyPath, 0,
keyPath.Length), out keyRawData); // this returns a valid
RSACryptoServiceProvider instance
signature = rsa.SignData(data, new SHA1CryptoServiceProvider()); //signs
the data we need
I am not sure about the second parameter of the rsa.SignData method -
the documentation says it is of type "object" and it's the mechanism to
be used to sign the data. I cannot think of any more appropriate object
to be passed there than SHA1CryptoServiceProvider.
Now, the problem is that the signed e-mail is sent correctly but after
receiving it, Thunderbird states that the signature is invalid. My
question is, is there any format NSS (Thunderbird) needs the signature
in? Does the signature I am providing, look properly at a first glance?
(Please look at line 45 in the pkcs11-spy log I am attaching).
---------------------------- PKCS11 SPY LOG BEGIN
----------------------------
32: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 0 buffer
CKA_CLASS requested with 0 buffer
[out] pTemplate[2]:
CKA_ID has size 4
CKA_CLASS has size 4
Returned: 0 CKR_OK
33: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 4 buffer
CKA_CLASS requested with 4 buffer
[out] pTemplate[2]:
CKA_ID [size : 0x4 (4)]
01000000
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
34: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_ID [size : 0x4 (4)]
01000000
CKA_CLASS CKO_PRIVATE_KEY
Returned: 0 CKR_OK
35: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 2 Matches
Returned: 0 CKR_OK
36: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
37: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x2
[in] pTemplate[1]:
CKA_KEY_TYPE requested with 4 buffer
[out] pTemplate[1]:
CKA_KEY_TYPE CKK_RSA
Returned: 0 CKR_OK
38: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x2
[in] pTemplate[1]:
CKA_TOKEN requested with 1 buffer
[out] pTemplate[1]:
CKA_TOKEN True
Returned: 0 CKR_OK
39: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x2
[in] pTemplate[1]:
CKA_PRIVATE requested with 1 buffer
[out] pTemplate[1]:
CKA_PRIVATE True
Returned: 0 CKR_OK
40: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x2
[in] pTemplate[1]:
CKA_MODULUS requested with 0 buffer
[out] pTemplate[1]:
CKA_MODULUS has size 128
Returned: 0 CKR_OK
41: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x2
[in] pTemplate[1]:
CKA_MODULUS requested with 128 buffer
[out] pTemplate[1]:
CKA_MODULUS [size : 0x80 (128)]
D0B54A0E 53C59293 278EE27A 928C30CB 4A1942F6 DE32B8A4 951196DF 53FE8469
7225D5B0 98421497 C7C70428 2468A022 C17B0E51 E17B86C4 E0624BED 398FCDCD
422F789A 9518E4D4 DC07DA20 186BD121 2B80725E 8AE34A68 78FBC43E 6F3A2A95
DC808706 01C8A576 B5A072E1 2F773240 F60AF083 5021112A E9F0CB7F 98A7EEC5
Returned: 0 CKR_OK
42: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x2
[in] pTemplate[1]:
CKA_PRIVATE requested with 1 buffer
[out] pTemplate[1]:
CKA_PRIVATE True
Returned: 0 CKR_OK
43: C_OpenSession
[in] slotID = 0x0
[in] flags = 0x4
pApplication=068DE800
Notify=5F8B5E19
[out] *phSession = 0x2
Returned: 0 CKR_OK
44: C_SignInit
[in] hSession = 0x2
pMechanism->type=CKM_RSA_PKCS
[in] hKey = 0x2
Returned: 0 CKR_OK
45: C_Sign
[in] hSession = 0x2
[in] pData[ulDataLen] [size : 0x23 (35)]
30213009 06052B0E 03021A05 0004149A E91D78EE 1FDC8F4F A65E41A2 1263BF31
94C4D2
[out] pSignature[*pulSignatureLen] [size : 0x80 (128)]
63334030 9439D903 9645AC11 C1C05136 0B17A571 16E3F223 06CA4941 CB0721E5
194CF829 43DF0DE9 AB6BD5DF 051A8906 1D974171 6879468E 1F043C4B 7763E607
D0163299 54AA23B4 4BD221B7 B8F1F880 23D7E032 2AB6C7D9 18C29AEF 23603C08
E91BE397 303271E4 1850AC57 B53CD457 D10056DE 3C7CCB0F 99AFFF51 86CC3E28
Returned: 0 CKR_OK
46: C_CloseSession
[in] hSession = 0x2
Returned: 0 CKR_OK
47: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 0 buffer
CKA_CLASS requested with 0 buffer
[out] pTemplate[2]:
CKA_ID has size 4
CKA_CLASS has size 4
Returned: 0 CKR_OK
48: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 4 buffer
CKA_CLASS requested with 4 buffer
[out] pTemplate[2]:
CKA_ID [size : 0x4 (4)]
01000000
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
49: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_ID [size : 0x4 (4)]
01000000
CKA_CLASS CKO_PRIVATE_KEY
Returned: 0 CKR_OK
50: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 2 Matches
Returned: 0 CKR_OK
51: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
52: C_CloseAllSessions
[in] slotID = 0x0
Returned: 0 CKR_OK
53: C_Finalize
Returned: 0 CKR_OK
---------------------------- PKCS11 SPY LOG END ----------------------------
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
