pfnus wrote:
> Hi,,
> I support CKM_RSA_PKCS algorithm only in C_GetMechanismLsit, and
> Netscape (i used version 4.77) called C_FindObjectsInit, C_FindObj,
> C_FindObjFinal and C_GetAttributeValue several rounds consecutively(I
> don't know why yet)
> , passing me the template with one attribute which is CK_CLASS with
> value CKO_CERTIFICATE.
>
> In C_GetAttributeValue, i filled in my der encoded Certificate into
> CKA_VALUE, and set an arbitrary value to CKA_LABEL and CKA_ID., as
> requested by Netscape. However, after this, Netscape didn't show up my
> certificate when i tried to view it in security Info after i added in
> the pkcs11 module. Anybody can shed some lights on this?
What configuration values did you give your PKCS #11 module when you
installed it? Are you seeing a search for CKO_PRIVATE_KEY after the
certificate?
Thanks in
> advance.., Netscape doesn't call C_CreateObjecr if i only support
> CKM_RSA_PKCS in my mechanism list, must i support other algorithm(s)
> or what are the missing things that i need to implement in order to
> push my smart card user's certificate into Netscape through PKCS11?
Communicator will call C_CreateObject if you only support CKM_RSA_PKCS,
but only if it wants to store a key and cert in your token. Communicator
only stores certs if the corresponding private keys exists in the token.
Have yout tried issuing the key and cert directly to your token. BTW in
order for this to work your token also needs to be writeable.
bob
>
