As NSS doesnt expose that function (IMHO it Should), couldnt you use PK11_Read/WriteRawAttribute? (Apart this should being fixed or not)
On Tue, Oct 7, 2014 at 10:20 AM, helpcrypto helpcrypto <helpcry...@gmail.com > wrote: > On Tue, Oct 7, 2014 at 10:02 AM, Sean Leonard <dev+mozi...@seantek.com> > wrote: > >> Thanks, but the need is to change the nickname. It is displayed in >> Mozilla apps for various purposes. The nickname is also known as the >> "friendly name" on other platforms (e.g., MS CryptoAPI) and in other >> standards (e.g., PKCS #9). >> >> The nickname is the CKA_LABEL (0x00000003) attribute. That is exactly >> what NSS maps it to (see the implementation of PK11_SetObjectNickname), and >> for good reason. See pkcs11t.h and PKCS #11 v2.20 Section 10.4. Note that >> CKA_LABEL is defined as a UTF-8 encoded string. >> > > Oh, I see. Then you could use C_G/SetAttributeValue with CKA_LABEL, isnt > it? > > > > >> Sean >> >> On 10/7/2014 12:38 AM, helpcrypto helpcrypto wrote: >> >>> IIRC, nicknames aren't part of PKCS#11 standard, so i would suggest >>> instead >>> using CKA_ID (hash of public key; certificate, public and private keys >>> have >>> the same) >>> >>> On Tue, Oct 7, 2014 at 9:15 AM, Sean Leonard <dev+mozi...@seantek.com> >>> wrote: >>> >>> Hi Mozilla/Firefox crypto people: >>>> >>>> In Firefox 33 (and generally Mozilla toolkit apps, including >>>> Thunderbird) >>>> on Windows, it appears that nss3.dll is folded and only a subset of >>>> functions are exposed. See <http://mxr.mozilla.org/ >>>> mozilla-beta/source/security/build/nss.def>. >>>> >>>> Among the functions that are not exported are PK11_SetPublicKeyNickname >>>> and PK11_SetPrivateKeyNickname. Removal of these functions causes >>>> significant hardship for our code, because those are the only >>>> abstraction-safe ways to do those things. Internally they call >>>> PK11_SetObjectNickname but PK11_SetObjectNickname has not historically >>>> been >>>> exported. Worse, these functions are still exported on Mac OS X and >>>> Linux >>>> builds; it is rather crazy that there are basic functions that one can >>>> do >>>> on some platforms but not all. >>>> >>>> I have managed to cobble together a solution together for Windows, but >>>> it >>>> involves having knowledge of the layout of PK11SlotInfoStr (to get >>>> things >>>> like the slot and session variables) which has not been considered >>>> "public": it is in secmodti.h. >>>> >>>> Can these two functions please be added back to >>>> mozilla/security/build/nss. >>>> def? >>>> >>>> Thank you, >>>> >>>> Sean >>>> -- >>>> dev-tech-crypto mailing list >>>> dev-tech-crypto@lists.mozilla.org >>>> https://lists.mozilla.org/listinfo/dev-tech-crypto >>>> >>>> >> -- >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto >> > > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
