Re: Request restoration of PK11_SetPublicKeyNickname and PK11_SetPrivateKeyNickname

Tue, 07 Oct 2014 01:05:10 -0700

Thanks, but the need is to change the nickname. It is displayed in Mozilla apps for various purposes. The nickname is also known as the "friendly name" on other platforms (e.g., MS CryptoAPI) and in other standards (e.g., PKCS #9).
The nickname is the CKA_LABEL (0x00000003) attribute. That is exactly what NSS maps it to (see the implementation of PK11_SetObjectNickname), and for good reason. See pkcs11t.h and PKCS #11 v2.20 Section 10.4. Note that CKA_LABEL is defined as a UTF-8 encoded string. 

Sean

On 10/7/2014 12:38 AM, helpcrypto helpcrypto wrote:

IIRC, nicknames aren't part of PKCS#11 standard, so i would suggest instead
using CKA_ID (hash of public key; certificate, public and private keys have
the same)

On Tue, Oct 7, 2014 at 9:15 AM, Sean Leonard <dev+mozi...@seantek.com>
wrote:


Hi Mozilla/Firefox crypto people:

In Firefox 33 (and generally Mozilla toolkit apps, including Thunderbird)
on Windows, it appears that nss3.dll is folded and only a subset of
functions are exposed. See <http://mxr.mozilla.org/
mozilla-beta/source/security/build/nss.def>.

Among the functions that are not exported are PK11_SetPublicKeyNickname
and PK11_SetPrivateKeyNickname. Removal of these functions causes
significant hardship for our code, because those are the only
abstraction-safe ways to do those things. Internally they call
PK11_SetObjectNickname but PK11_SetObjectNickname has not historically been
exported. Worse, these functions are still exported on Mac OS X and Linux
builds; it is rather crazy that there are basic functions that one can do
on some platforms but not all.

I have managed to cobble together a solution together for Windows, but it
involves having knowledge of the layout of PK11SlotInfoStr (to get things
like the slot and session variables) which has not been considered
"public": it is in secmodti.h.

Can these two functions please be added back to mozilla/security/build/nss.
def?

Thank you,

Sean
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto



--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto






















					Reply via email to