IIRC, nicknames aren't part of PKCS#11 standard, so i would suggest instead using CKA_ID (hash of public key; certificate, public and private keys have the same)
On Tue, Oct 7, 2014 at 9:15 AM, Sean Leonard <dev+mozi...@seantek.com> wrote: > Hi Mozilla/Firefox crypto people: > > In Firefox 33 (and generally Mozilla toolkit apps, including Thunderbird) > on Windows, it appears that nss3.dll is folded and only a subset of > functions are exposed. See <http://mxr.mozilla.org/ > mozilla-beta/source/security/build/nss.def>. > > Among the functions that are not exported are PK11_SetPublicKeyNickname > and PK11_SetPrivateKeyNickname. Removal of these functions causes > significant hardship for our code, because those are the only > abstraction-safe ways to do those things. Internally they call > PK11_SetObjectNickname but PK11_SetObjectNickname has not historically been > exported. Worse, these functions are still exported on Mac OS X and Linux > builds; it is rather crazy that there are basic functions that one can do > on some platforms but not all. > > I have managed to cobble together a solution together for Windows, but it > involves having knowledge of the layout of PK11SlotInfoStr (to get things > like the slot and session variables) which has not been considered > "public": it is in secmodti.h. > > Can these two functions please be added back to mozilla/security/build/nss. > def? > > Thank you, > > Sean > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto