Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-30 Thread Nelson B
Ulf Leichsenring wrote (quoting Bob Relyea):
>> 1) the user has multiple certs with the same subject, but some certs map to different roles (evil IMHO).

When Bob talks about different roles, he doesn't mean signing vs encryption. He means (for example) multiple signing certs, each with the sam

Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-27 Thread Ulf Leichsenring
Hi Bob

> 1) the user has multiple certs with the same subject, but some certs map to different roles (evil IMHO).

But you can find this constellation in many "business" PKI. The identity of a user (his name or employee number) is taken as the cn= to match the local directory structure (e.g.

Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-27 Thread Robert Relyea
Ulf Leichsenring wrote: I understand your real concern is the ability to import the above two certs (and their private keys) into another module, other than softoken. I suggest you test that. To do so, you need to add another command line argument to the pk12util lines above, the option "-h toke

Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-27 Thread Ulf Leichsenring
> I understand your real concern is the ability to import the above two certs (and their private keys) into another module, other than softoken. I suggest you test that. To do so, you need to add another command line argument to the pk12util lines above, the option "-h tokenname" where tok

Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-27 Thread Nelson Bolyard
Ulf Leichsenring wrote:
> I tried the following with Softtoken as you asked. I created two keypairs/certificates and exported them to PKCS#12. Both certificates have set the "cn=Ulf Leichsenring" but have different keyUsages (keyEncryption vs. digitalSignature). The My-AUT-cert.p12 has a fr

Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-26 Thread Ulf Leichsenring
> This surprises me, a little.
>
> If you had written that you experience this behavior with NSS's own built-in pure-software PKCS#11 module ("softoken") I would not have been surprised. Softoken maps CKA_LABELs onto certificate subject names, so all certificates with the same subject name

Re: Mozilla/Firefox certificate import error with CKA_LABEL

2007-07-25 Thread Nelson B
(Note: follow-up to mozilla.dev.tech.crypto)

Ulf Leichsenring wrote:
> I have a problem importing multiple keys/certificates that are stored in PKCS#12 container files into Firefox (v.2.0.0.5) using a smartcard and the PKCS#11 library of this smartcard. After installing all the keys and