Firefox behavior for CDP and AIA

I know that FF allows you to choose a CRL and it will check status against that CRL when it finds a cert issued by the CRL issuer. Does anyone know if FF uses the CDP in the cert or the cert's issuer name as a key to find the CRL? The reason I ask is in regards to partitioned CRLs, where a CA co

Issues with strategy used by org.mozilla.jss.CryptoManager#findPrivKeyByCert to find matching Private Key

Hi, I have a hardware token accesible via PKCS#11 which is storing private keys and certificate like this : certificate A, CKA_ID: 1234 certificate B, CKA_ID: 1234 priv key for certificate A, CKA_ID: 1234 priv key for certificate B, CKA_ID: 1234 Well, then I get 'certificate A' and call org.mozi

Re: How to check if a RSA Private key matches a certificate

Finally I ended up allowing my software to generate the signature and inmediately after the signature is generated, verifying it with the certificate's public key, it if validates then the private key used for signing and the public key are supposed to match, if it doesn't I discard the signatur

Re: Signature with a privatekey doesn't works in JSS

If you take a look at the source code for org.mozilla.jss.provider.java.security.JSSSignatureSpi you can see how does JSS use private key for signing, basically: CryptoToken owningToken = privKeyByCert.getOwningToken(); Signature signatureContext = owningToken.getSignatureCon