Hi Robert,
I have managed to see the user's certificate after some lengthy
debugging;
however, I didn't issue any certificate directly to my token. So now I
want to use Netscape Comm to generate a key pair and issue an
evaluation email certificate from Verisign. However, I am confused
why the public key CKA_MODULUS length is 126 bytes during
C_CreateObject, passed in by Communicator (I use version 4.77).
Shouldn't it be 128 bytes (1024 bits)? What is the missing piece here?
Any help? Thanks.
Robert Relyea <[EMAIL PROTECTED]> wrote in message
news:<[EMAIL PROTECTED]>...
> pfnus wrote:
>
> > Hi,
> > I support the CKM_RSA_PKCS algorithm only in C_GetMechanismList, and
> > Netscape (I used version 4.77) called C_FindObjectsInit, C_FindObj,
> > C_FindObjFinal and C_GetAttributeValue several rounds consecutively (I
> > don't know why yet),
> > passing me the template with one attribute, which is CK_CLASS with
> > value CKO_CERTIFICATE.
> >
> > In C_GetAttributeValue, I filled in my DER-encoded certificate into
> > CKA_VALUE, and set an arbitrary value for CKA_LABEL and CKA_ID, as
> > requested by Netscape. However, after this, Netscape didn't show my
> > certificate when I tried to view it in Security Info after I added
> > the PKCS #11 module. Can anybody shed some light on this?
>
>
> What configuration values did you give your PKCS #11 module when you
> installed it? Are you seeing a search for CKO_PRIVATE_KEY after the
> certificate?
>
> > Thanks in
> > advance. Netscape doesn't call C_CreateObject if I only support
> > CKM_RSA_PKCS in my mechanism list. Must I support other algorithm(s),
> > or what are the missing things that I need to implement in order to
> > push my smart card user's certificate into Netscape through PKCS #11?
>
>
> Communicator will call C_CreateObject if you only support CKM_RSA_PKCS,
> but only if it wants to store a key and cert in your token. Communicator
> only stores certs if the corresponding private keys exist in the token.
> Have you tried issuing the key and cert directly to your token? BTW, in
> order for this to work your token also needs to be writeable.
>
> bob
>
>
> >
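
A token-side way to measure the modulus handed to C_CreateObject instead of assuming 128 bytes, as an added example that is not part of the original thread. The types are simplified stand-ins for pkcs11.h and `template_modulus_bits` is a hypothetical helper; it reports the size only and does not explain why the value arrives as 126 bytes.

```c
#include <stddef.h>

/* Simplified stand-ins for the pkcs11.h types, so the example builds alone. */
typedef unsigned long CK_ULONG;
typedef unsigned long CK_ATTRIBUTE_TYPE;
typedef struct {
    CK_ATTRIBUTE_TYPE type;
    void *pValue;
    CK_ULONG ulValueLen;
} CK_ATTRIBUTE;

#define CKA_MODULUS 0x00000120UL /* attribute type value from the PKCS #11 headers */

/* Return the first attribute of the given type in the template, or NULL. */
const CK_ATTRIBUTE *find_attr(const CK_ATTRIBUTE *tmpl, CK_ULONG count,
                              CK_ATTRIBUTE_TYPE type)
{
    for (CK_ULONG i = 0; i < count; i++)
        if (tmpl[i].type == type)
            return &tmpl[i];
    return NULL;
}

/* Significant bits of a PKCS #11 big integer (unsigned, most-significant
 * byte first). Leading zero bytes are skipped, so the result depends on
 * the value, not on how many bytes the caller chose to send. */
CK_ULONG bigint_bits(const unsigned char *p, CK_ULONG len)
{
    while (len > 0 && *p == 0) { p++; len--; }
    if (len == 0)
        return 0;
    CK_ULONG bits = (len - 1) * 8;
    for (unsigned char top = *p; top != 0; top >>= 1)
        bits++;
    return bits;
}

/* Hypothetical helper for a C_CreateObject handler: bit size of the
 * template's CKA_MODULUS, or 0 if the attribute is missing or empty. */
CK_ULONG template_modulus_bits(const CK_ATTRIBUTE *tmpl, CK_ULONG count)
{
    const CK_ATTRIBUTE *a = find_attr(tmpl, count, CKA_MODULUS);
    if (a == NULL || a->pValue == NULL)
        return 0;
    return bigint_bits((const unsigned char *)a->pValue, a->ulValueLen);
}
```

Logging this value next to `ulValueLen` in the handler shows whether the caller sent a shorter modulus or only a differently padded one.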