Hello,
I am developing a PKCS#11 module and currently I am having problems
getting the certificate login working in Firefox.
I load a page, click on the login button and then Firefox starts
communicating with my PKCS#11 module (the page wants its users to log in
using their certificates). It lets me select a certificate from a list -
well, I only have one so I select it and continue. Then, after some more
communication, C_Sign is performed. However, this fails because I have
no way of dealing with the data Firefox sends to my PKCS#11 module (the
data to sign using the C_Sign function).
Signing works properly in Thunderbird since it sends DER-encoded data
(hash algorithm OID and the hash itself) and dealing with that is fairly
straightforward.
However, Firefox sends some seemingly-random 36-byte data. If I use the
same algorithm as for Thunderbird (doesn't matter if SHA1 or MD5), the
page fails to load and says "ssl_error_decrypt_error_alert". I don't
know what my PKCS#11 module should provide for the page to accept it
correctly and continue.
Just FYI, there is a C# .NET program on the other end and trying
SignData or SignHash to compute the value to return proved unsuccessful.
Could anybody please enlighten me on this issue?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
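
An added example, not part of the original post: a sketch of how a module could tell the two C_Sign inputs described above apart and pad either one identically. It assumes the mechanism is CKM_RSA_PKCS and that the 36 bytes are the TLS 1.0/1.1 CertificateVerify hash, MD5 (16 bytes) followed by SHA-1 (20 bytes), which RFC 2246 signs with PKCS#1 type 1 padding and no DigestInfo wrapper; the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; not part of PKCS#11 or NSS. */
enum sign_input { INPUT_DIGESTINFO, INPUT_TLS_MD5_SHA1, INPUT_OPAQUE };

/* Classify the buffer handed to C_Sign (diagnostic/logging use only;
   the signing path below never depends on the result). */
enum sign_input classify_sign_input(const unsigned char *d, size_t n)
{
    /* DER DigestInfo: SEQUENCE (0x30), short-form length covering the
       rest, then a nested SEQUENCE holding the AlgorithmIdentifier. */
    if (n >= 4 && d[0] == 0x30 && d[1] == n - 2 && d[2] == 0x30)
        return INPUT_DIGESTINFO;
    /* Assumed TLS 1.0/1.1 client auth: MD5(16) || SHA-1(20), no DER. */
    if (n == 36)
        return INPUT_TLS_MD5_SHA1;
    return INPUT_OPAQUE;
}

/* EMSA-PKCS1-v1_5 block type 1: 00 01 FF..FF 00 || data.
   The caller's data is copied unchanged (no hashing, no DigestInfo added).
   k is the RSA modulus length in bytes. Returns 0, or -1 if data is too long. */
int pkcs1_type1_pad(const unsigned char *data, size_t n,
                    unsigned char *em, size_t k)
{
    size_t ps;                      /* number of 0xFF padding bytes */
    if (k < 11 || n > k - 11)       /* at least 8 bytes of 0xFF required */
        return -1;
    ps = k - 3 - n;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps);
    em[2 + ps] = 0x00;
    memcpy(em + 3 + ps, data, n);
    return 0;
}
```

The padded block is what goes into the raw RSA private-key operation; under the stated assumptions both the Thunderbird and the Firefox buffer take the same path.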