Hi,

I'm trying to generate a certificate for an RSA key and then put it onto a 
smart card using NSS.  I can successfully generate the RSA key and a 
self-signed certificate as well as putting that certificate on the card.  
However, I am unable to store the associated private key on the card, which 
makes the certificate rather useless.  The following are roughly the operations 
I am performing.  Most functions are taken from certutil.c and certgen.c.  

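// slot is a PK11SlotInfo *
SECKEYPrivateKey * privk = NULL;
SECKEYPublicKey * pubk = NULL;

// Generate the RSA key pair.
GenerateKeyPair(slot, &pubk, &privk, keysize);

// Build the request, then a certificate whose issuer is its own subject.
CERTCertificateRequest * req = make_cert_request(subject, pubk);
// make_cert returns a CERTCertificate *, which set_cert_type and sign_cert expect.
CERTCertificate * temp_cert = make_cert(req, serial, &req->subject);

set_cert_type(temp_cert,
              NS_CERT_TYPE_OBJECT_SIGNING |
              NS_CERT_TYPE_OBJECT_SIGNING_CA);

// Sign the certificate with the generated private key (self-signed).
SECItem * derCert = sign_cert(temp_cert, privk);

// String literals are already NUL-terminated.
char * name = "John Doe";
char * trusts = "u,u,u";

// Putting the certificate on the card succeeds; importing the key fails.
AddCert(slot, db, name, trusts, derCert, PR_FALSE, NULL);
importKey(slot, privk, pubk, PR_TRUE, PR_FALSE);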

The last line of this code is what fails.  Specifically, it fails here: 
http://dxr.mozilla.org/mozilla-central/source/security/nss/lib/pk11wrap/pk11obj.c?from=pk11obj.c#l191

Does anyone have any advice about this problem?
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
