pfnus wrote:
> Hi Robert,
> my situation now is like this;
>
> There is no keypair yet in my token, also no certificate yet. Whenever
> I try to go to a secure website (https), C_CreateObject will get
> called, followed by C_VerifyRecoverInit, then C_VerifyRecover and
> C_DestroyObject. A public key template is passed in by Communicator
> during C_CreateObject. I am confused about a couple of things that happened
> here; I guessed that the secure website is presenting a certificate to
> NC, and the public key is extracted by NC, and then a public key
> template is passed in to C_CreateObject. Then C_VerifyRecoverxxx is
> called to verify the certificate's signature. Am I right at this
> point?

Hmmm, something just isn't getting interpreted right here. I know why
the calls are being made -- you have selected 'RSA' as part of the
configuration for your token. You really only want to do this if you are
running a hardware accelerator. If you just have a smart card, do not
set the RSA flag on your token. NSS is perfectly capable of
determining that you can do RSA operations; the bit tells NSS that your
token should be used for *all* RSA operations.

That still doesn't answer the mystery of why you are getting bad
Attribute data, though.

>
> Question: Why is the public key modulus always the same, with a length
> of 126 bytes (including a leading '0' byte), no matter which https site
> I go to? I am pretty much confused here,
> any ideas what had happened?

There is something really weird with your setup. I can picture a bug in
our system where for some reason we are building bad moduli during
key gen, but Communicator would be completely broken if it kept
extracting 126 byte moduli from certificates. My best guess at this
point is there is some sort of packing problem with your data structures
and you and Communicator can't agree on where the length value is
supposed to go.

Again, I'd suggest grabbing a copy of Mozilla and one of the sample apps
and seeing if you can step through where things get confused.

bob
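
The packing hypothesis in the reply above, as an added illustration (not part of the original message and not NSS or Communicator code): two sides compile the same attribute structure with different packing and read different length values from the same template bytes. The struct names, the helper functions, and the field widths (32-bit type and length fields, 64-bit pointer slot) are assumptions made for the demonstration; the template contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CKA_MODULUS         0x00000120u /* PKCS #11 attribute type values */
#define CKA_PUBLIC_EXPONENT 0x00000122u

/* Constructed stand-ins for CK_ATTRIBUTE {type, pValue, ulValueLen}.
 * Assumption: 32-bit CK_ULONG fields and a 64-bit pointer slot. */
#pragma pack(push, 1)
typedef struct { uint32_t type; uint64_t pValue; uint32_t ulValueLen; } attr_packed;
#pragma pack(pop)
typedef struct { uint32_t type; uint64_t pValue; uint32_t ulValueLen; } attr_natural;

/* Read attribute i's length from raw template bytes, given one side's idea
 * of the element stride and of where ulValueLen sits inside an element. */
uint32_t read_len(const void *tmpl, size_t bytes, size_t stride, size_t len_off, size_t i)
{
    size_t off = i * stride + len_off;
    uint32_t len;
    if (off + sizeof len > bytes)
        return UINT32_MAX;              /* would run past the caller's buffer */
    memcpy(&len, (const unsigned char *)tmpl + off, sizeof len);
    return len;
}

/* Caller builds a 2-attribute public key template with the packed layout;
 * return the length of attribute i as seen with the packed or natural layout. */
uint32_t demo_len(int reader_is_packed, size_t i)
{
    static unsigned char modulus[128] = { 0x00 }, exponent[3] = { 0x01, 0x00, 0x01 };
    attr_packed tmpl[2] = {
        { CKA_MODULUS,         (uint64_t)(uintptr_t)modulus,  sizeof modulus  },
        { CKA_PUBLIC_EXPONENT, (uint64_t)(uintptr_t)exponent, sizeof exponent },
    };
    if (reader_is_packed)
        return read_len(tmpl, sizeof tmpl, sizeof(attr_packed),
                        offsetof(attr_packed, ulValueLen), i);
    return read_len(tmpl, sizeof tmpl, sizeof(attr_natural),
                    offsetof(attr_natural, ulValueLen), i);
}

int main(void)
{
    printf("sizeof: packed=%zu natural=%zu\n", sizeof(attr_packed), sizeof(attr_natural));
    printf("modulus length, layouts agree:    %u\n", (unsigned)demo_len(1, 0));
    printf("modulus length, layouts disagree: %u\n", (unsigned)demo_len(0, 0));
    return 0;
}
```

When the layouts disagree, the reader picks up the next attribute's type field as the modulus length and stays wrong in the same way on every call, whatever key the caller passed in.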