Hi Priit, No, you do not have to support those Netscape-specific attributes you see (in the vendor specific portion of the space). You do have to tolerate searches for these objects and attributes, but it's quite ok to say those objects don't exist. If you aren't building a generalized storage token, this is probably the correct semantic (you don't need to store CRL's or S/MIME cert records -- even to get S/MIME to work).
The only object that might be useful for tokens would be the trust attribute. I will be righting up a description of how that works soon, and posting it here and to the cryptoki mailing list. bob Priit Randla wrote: > > Hello everybody, > > > I'm writing a pkcs11 module for a specific smartcard ( Estonian > ID-card ). So far, it kinda works > under Netscape 4.7* for both win32&linux. > Using fresh Mozilla builds, im having problems i don't quite understand > how to approach. > Basically, do i have to support those Mozilla-specific > classes/attributes i'm seeing in > nss-3.3.1/mozilla/security/nss/lib/ckfw/ckt.h? Looks like mozilla > keeps searching for objects with those attributes. If yes, then what > should i do with them? Also, could some kind person please explain me > which functions do i have to program if i'm supporting mechanisms > CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_SHA_1 and i'd like both ssl client > certs and s/mime to work? > > > Priit Randla > >
