I assume that when you say the latest ActivCard drivers, you're referring to their PKCS#11 lib. What version are you using there? Have you use it with a sample NSS client/server app (not with Communicator)?
-- P "Robert Relyea" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Nelson B. Bolyard wrote: > > > Patrick wrote: > > > > > >>My NSS app was able to read a cert off a smartcard but *failed* to use > >>it for SSL client authentication. I have used a couple of different > >>PKCS#11 libraries with NSS, and the error message I get back are: > >>"key not authorized for requested operation", > >> > > > > I don't recognize that error message. It's not one of the NSS library's > > error messages, as far as I can tell. I suspect you saw this message: > > > > "The key does not support the requested operation." > > > > That's SEC_ERROR_INVALID_KEY. This error means that we attempted some > > operation with a key (often a private key), and got an error. There > > are many places in NSS where this error code is set. However, in the > > context of signing, the two most likely candidates are: > > > > 1. When NSS asked the PKCS#11 module for the length of the modulus of > > the private key (which is how NSS determines the length of a signature > > made with that private key), the module returned an error rather than > > the length. > > > This is the most likely change between Communicator and current versions > of NSS. From our discussions, I suspect that this is what is wrong with > the old Active Card drivers (Communicator wouldn't fail in these cases, > but continue assuming a maximum RSA modulus size, since it had a hard > limit to the RSA modulus anyway. Modern versions of NSS (including NSS > 2.x) no longer have that limit, so that failure is much more fatal). > > In know that we are running the latest versions of the Active card > drivers with NSS 3.3 here. > > bob >
