Another bit of oddness. I can put the PKCS#11 device into "read only" mode, where it only supports the CKS_RO_PUBLIC_SESSION and CKS_RO_USER_FUNCTIONS states and asserts the CKF_WRITE_PROTECTED flag. In this state, Firefox attempts to call C_CreateObject to create an ECC public key on the device, which fails. Firefox returns sec_error_bad_signature to the user in this case, stating "Peer's certificate has an invalid signature."
Perhaps I misunderstand the meaning of those state and flag values and that read only/write protected means that callers can still make objects as long as CKA_TOKEN=false?

Jonathan

--
View this message in context: http://mozilla.6506.n7.nabble.com/ECC-FIPS-Mode-and-PKCS-11-devices-tp316591p316609.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
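
The PKCS#11 specification gives read-only sessions read/write access to session objects (CKA_TOKEN false) and reserves CKR_SESSION_READ_ONLY and CKR_TOKEN_WRITE_PROTECTED for operations that would modify token objects. The block below is an added example, not part of the original message and not code from Firefox, NSS or any vendor's module: it models the access decision a module could make before servicing C_CreateObject. The names `bool_attr`, `check_create_object` and `demo` are hypothetical, and treating an absent CKA_PRIVATE as false is an assumption (the specification leaves that default to the token).

```c
#include <stdio.h>

/* Types and constant values as defined in the standard PKCS#11 header pkcs11t.h. */
typedef unsigned long CK_ULONG, CK_RV, CK_STATE, CK_FLAGS, CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKS_RO_PUBLIC_SESSION     0UL
#define CKS_RO_USER_FUNCTIONS     1UL
#define CKS_RW_USER_FUNCTIONS     3UL
#define CKF_WRITE_PROTECTED       0x2UL
#define CKA_TOKEN                 0x1UL
#define CKA_PRIVATE               0x2UL
#define CKR_OK                    0x0UL
#define CKR_SESSION_READ_ONLY     0xB5UL
#define CKR_TOKEN_WRITE_PROTECTED 0xE2UL
#define CKR_USER_NOT_LOGGED_IN    0x101UL

/* Read a CK_BBOOL attribute from a template; return dflt when it is absent. */
static CK_BBOOL bool_attr(const CK_ATTRIBUTE *t, CK_ULONG n, CK_ATTRIBUTE_TYPE type, CK_BBOOL dflt) {
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == type && t[i].pValue && t[i].ulValueLen == sizeof(CK_BBOOL))
            return *(const CK_BBOOL *)t[i].pValue;
    return dflt;
}

/* Hypothetical module-side gate: may this session create the templated object? */
CK_RV check_create_object(CK_STATE state, CK_FLAGS token_flags, const CK_ATTRIBUTE *tmpl, CK_ULONG n) {
    CK_BBOOL on_token = bool_attr(tmpl, n, CKA_TOKEN, 0);     /* spec default: CK_FALSE */
    CK_BBOOL is_private = bool_attr(tmpl, n, CKA_PRIVATE, 0); /* assumed default */
    int logged_in = (state == CKS_RO_USER_FUNCTIONS || state == CKS_RW_USER_FUNCTIONS);
    int read_only = (state == CKS_RO_PUBLIC_SESSION || state == CKS_RO_USER_FUNCTIONS);

    if (is_private && !logged_in) return CKR_USER_NOT_LOGGED_IN;
    if (!on_token) return CKR_OK; /* session object: never written to the token */
    if (token_flags & CKF_WRITE_PROTECTED) return CKR_TOKEN_WRITE_PROTECTED;
    if (read_only) return CKR_SESSION_READ_ONLY;
    return CKR_OK;
}

/* Constructed sample input: a template carrying only CKA_TOKEN and CKA_PRIVATE. */
CK_RV demo(CK_STATE state, CK_FLAGS flags, CK_BBOOL token, CK_BBOOL priv) {
    CK_ATTRIBUTE tmpl[] = { {CKA_TOKEN, &token, sizeof token}, {CKA_PRIVATE, &priv, sizeof priv} };
    return check_create_object(state, flags, tmpl, 2);
}

int main(void) {
    printf("RO public, write-protected, session object: 0x%lx\n",
           demo(CKS_RO_PUBLIC_SESSION, CKF_WRITE_PROTECTED, 0, 0));
    printf("RO public, write-protected, token object:   0x%lx\n",
           demo(CKS_RO_PUBLIC_SESSION, CKF_WRITE_PROTECTED, 1, 0));
    return 0;
}
```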