ben wrote:
> Hi there,
>
> I'd like to know does the <keygen> call a local PKCS11 module, and how
> does it store the key pair into the local key store and how I can know
> which PKCS11 module will be used if there are more than two?

PSM looks up all the writable tokens that are capable of handling the particular key type you wish to generate. (This includes the internal token.)

If there is more than one, a selection box is presented to the user and the user selects which token to generate the key in.

A. If the selected token cannot generate the key (does not support CKM_RSA_GENERATE_KEY_PAIR, for instance), then a temporary key is generated in the internal token and then written to the selected token. Thus support of C_CreateObject is sufficient to support keygen.
B. If the selected token can generate the key, the key is generated in the token.

On certificate download, all tokens are searched for the matching private key. The certificate is automatically loaded in the same token as the private key.

You cannot know for certain with the keygen tag what token the user has selected (even if that information is published, there is no guarantee that the user is using a PKCS #11 module which is lying about its name and capabilities). On the other hand, it means you can use existing infrastructure to put keys into tokens without changing that infrastructure (that is, you can go to Thawte, and get a freemail cert and have the keys and cert reside in your smart card).

> Is there any similar way for IE with a CSP?
>
> Here is a piece of HTML code:
> <form>
>    <keygen NAME="randomkey" CHALLENGE="1234567890">
>    <input TYPE="text" NAME="Field1" VALUE="Default Text">
> </form>
>
> If you can point out a doc link, it will be great.

Sigh, keygen is not well documented.

The information I presented above can be found at:
http://developer.mozilla.org/en/docs/PKCS11_FAQ#QUESTIONS_ABOUT_KEYS_AND_TOKENS

The CRMF JavaScript docs are available at:
http://developer.mozilla.org/en/docs/JavaScript_crypto#Overview_of_New_Cert_Issuing_Process

bob
> Thanks.
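
Added example (not part of the original message, and not NSS or PSM code): a small C model of the token selection and the two key generation paths, A and B, described in the reply above. The struct fields, function names and sample tokens are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model of a token; fields are assumptions, not NSS structures. */
typedef struct {
    const char *label;
    int writable;      /* token accepts new objects */
    int handles_rsa;   /* token can hold and use RSA keys */
    int can_generate;  /* token offers RSA key-pair generation itself */
} token_t;

typedef enum { NOT_OFFERED, ON_TOKEN, INTERNAL_THEN_IMPORTED } keygen_path_t;

/* Only writable tokens that handle the key type are offered to the user. */
static int is_candidate(const token_t *t) {
    return t->writable && t->handles_rsa;
}

size_t count_candidates(const token_t *toks, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += is_candidate(&toks[i]) ? 1 : 0;
    return count;
}

/* Case B: generated in the token. Case A: generated in the internal token,
 * then written to the selected token, so the private key has existed in
 * software before it reached the card. */
keygen_path_t keygen_path(const token_t *selected) {
    if (!is_candidate(selected))
        return NOT_OFFERED;
    return selected->can_generate ? ON_TOKEN : INTERNAL_THEN_IMPORTED;
}

/* Constructed sample tokens. */
static const token_t SAMPLE[] = {
    { "internal token",         1, 1, 1 },
    { "card with on-board gen", 1, 1, 1 },
    { "card, storage only",     1, 1, 0 },
    { "write-protected card",   0, 1, 1 },
};
static const char *PATH_NAME[] = { "not offered", "on token", "internal, then imported" };

int main(void) {
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    printf("candidates: %zu (selection box if > 1)\n", count_candidates(SAMPLE, n));
    for (size_t i = 0; i < n; i++)
        printf("%-24s %s\n", SAMPLE[i].label, PATH_NAME[keygen_path(&SAMPLE[i])]);
    return 0;
}
```

A key that ends up on a storage-only card took path A, so finding the key on the card does not show that it was generated there.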

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
