Finally I ended up allowing my software to generate the signature and
inmediately after the signature is generated, verifying it with the
certificate's public key, it if validates then the private key used for signing
and the public key are supposed to match, if it doesn't I discard the signatur
Today I have realized that a buggy PKCS#11 module for a cryptographic token I'm
working with is returning a wrong private key for a given certificate, thus
when calling org.mozilla.jss.CryptoManager#findPrivKeyByCert for 'cert 1' the
private key for 'cert 2' is returned, then my software generat
2 matches
Mail list logo
