Vivek wrote:
Hi,

I have a PKCS11 (v 2.1) library. Using this library via Mozilla, I am
trying to import a certificate onto the smart card. The process fails
because this library does not support generation of RSA public keys on
the token.

On looking at the failure point I see that much before the call to
slbXsiPkiGenerateKeyPair()
there is a check on the PublicKey Template to determine whether it is a
Token object or not.
If it is, then the check reports an error: "Can't generate RSA public
keys on the token!"

A quick and dirty way to get around this is to turn off CKM_RSA_PKCS_KEY_PAIR_GEN and CKM_RSA_X9_31_KEY_PAIR_GEN. You'll find them in the C_GetMechanismList of your PKCS #11 library. If you support C_CreateObject for token objects, then you are 'home free' as far as Mozilla goes. Mozilla will generate the keys itself and store them into your token (promptly forgetting them).

I am a rookie with PKCS stuff, can someone please explain to me how to
go about modifying the library to achieve the same functionality.

Will just generation of the Key-pair using slbXsiPkiGenerateKeyPair()
in the specified container be enough? (Via the CSP module I see the
same procedure taking place)

You are deep into the internals of our PKCS #11 module, without any indication about what your PKCS #11 module is doing. Containers are CSP data structures, so it's not clear what they map to at the lower levels of your PKCS #11 module. Basically what happens below that will be dependent on your token and the library used to access it.

Thanks,
Vivek

_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
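
The mechanism-list change suggested in the reply, as an added example that is not part of the original thread and is not code from any real PKCS #11 module. `filtered_mechanism_list`, `is_hidden` and `native_mechs` are hypothetical names, the slot argument is omitted, and the type and constant definitions are minimal stand-ins for `pkcs11.h`.

```c
#include <stddef.h>

/* Minimal stand-ins for the pkcs11.h definitions so the block compiles alone;
   the numeric values are the ones the PKCS #11 headers assign. */
typedef unsigned long CK_ULONG, CK_RV, CK_MECHANISM_TYPE;
#define CKR_OK                      0x00000000UL
#define CKR_ARGUMENTS_BAD           0x00000007UL
#define CKR_BUFFER_TOO_SMALL        0x00000150UL
#define CKM_RSA_PKCS_KEY_PAIR_GEN   0x00000000UL
#define CKM_RSA_PKCS                0x00000001UL
#define CKM_SHA1_RSA_PKCS           0x00000006UL
#define CKM_RSA_X9_31_KEY_PAIR_GEN  0x0000000AUL

/* Constructed sample: the list a token's library might report natively. */
static const CK_MECHANISM_TYPE native_mechs[] = {
    CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS,
    CKM_SHA1_RSA_PKCS, CKM_RSA_X9_31_KEY_PAIR_GEN,
};
#define NATIVE_COUNT (sizeof native_mechs / sizeof native_mechs[0])

/* Hypothetical helper: true for the two mechanisms the reply says to hide. */
static int is_hidden(CK_MECHANISM_TYPE m)
{
    return m == CKM_RSA_PKCS_KEY_PAIR_GEN || m == CKM_RSA_X9_31_KEY_PAIR_GEN;
}

/* Hypothetical body for C_GetMechanismList. Follows the PKCS #11 two-call
   convention: list == NULL returns only the count; a short buffer returns
   CKR_BUFFER_TOO_SMALL together with the required count. */
CK_RV filtered_mechanism_list(CK_MECHANISM_TYPE *list, CK_ULONG *count)
{
    CK_ULONG needed = 0, out = 0;
    size_t i;

    if (count == NULL)
        return CKR_ARGUMENTS_BAD;
    for (i = 0; i < NATIVE_COUNT; i++)
        if (!is_hidden(native_mechs[i]))
            needed++;
    if (list != NULL && *count < needed) {
        *count = needed;
        return CKR_BUFFER_TOO_SMALL;
    }
    if (list != NULL)
        for (i = 0; i < NATIVE_COUNT; i++)
            if (!is_hidden(native_mechs[i]))
                list[out++] = native_mechs[i];
    *count = needed;
    return CKR_OK;
}
```

With the two mechanisms hidden, the key pair is generated in host software and only then written to the token through C_CreateObject, so the private key exists off the card until the application discards it.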
