Yes, the RSA private keys as well as the certificates are stored in the
keystore in the card. See below.

bash-3.00# certutil -K -d .
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
certutil: no keys found
bash-3.00# certutil -K -d . -h "Sun Software PKCS#11 softtoken"
certutil: Checking token "Sun Software PKCS#11 softtoken" in slot "Sun Crypto Softtoken"
Enter Password or Pin for "Sun Software PKCS#11 softtoken":
certutil: no keys found
bash-3.00# certutil -K -d . -h "Sun Metaslot"
certutil: Checking token "Sun Metaslot" in slot "Sun Metaslot"
Enter Password or Pin for "Sun Metaslot":
< 0> rsa      204a23dbb2e82d7d8c1495e3374dcd4462423e4c   Sun Metaslot:cert309
< 1> rsa      54ea6d93df1cfef13064aedc6f6c7f0dce34e7b6   Sun Metaslot:cert147
< 2> rsa      34d4a4974cf325e735dd23bb3a6b4680249f3550   (orphan)
< 3> rsa      2018eecb4c05eb25cd30be4de6f13ccaeadcb43d   Sun Metaslot:cert1151
< 4> rsa      61932a2d796fd8f6e82949059176e980cde5c55a   sanCert
< 5> rsa      4e752a9b4a76c1462d9aec76de1617e08d07ff42   Sun Metaslot:ismc_cert

On Thu, Aug 20, 2009 at 4:41 PM, Darren J Moffat <Darren.Moffat at sun.com> wrote:

> Rishi Renjith wrote:
>
>> We tried disabling metaslot also. In that case, instead of "Sun Metaslot"
>> we get the name of the keystore we created in the SCA card using sca
>> manager. The following are the various combinations we tried and the
>> results.
>> With metaslot enabled + (NSS DB in) FIPS/nonFIPS mode: rsaprivate
>> doesn't increment, aes does
>>
>> With metaslot disabled + (NSS DB in) non FIPS mode: aes doesn't
>> increment, rsaprivate does
>>
>> With metaslot disabled + (NSS DB in) FIPS mode: rsa increments, but we
>> get "bad mac error"
>>
>
> The RSA private key is in the SCA card and not in the NSS keystore right?
>
> --
> Darren J Moffat
>