Priit Randla wrote: > > Hello, > > Could someone _please_ tell me exactly which kind of objects/attributes > one has to create for Mozilla > to show and use? I'm somehow having a very bad time getting a working > NS4 module to work under latest > Mozilla build. > Also, what should i do to avoid Mozilla ( and Netscape ) asking pins > for private keys which are associated > with certificates unsuitable for TLS ( nonRepudiation, authenticate > once per priv-key operation)? > > Priit
It depends on the type of token you have. For most tokens you need to support X509 certs, private and public keys (either RSA or DSA). Your token can always refuse to create, return, modify, or deal with any attribute or object that has the vendor specific bit turned on. If NSS 3.4 (or mozilla) crashes because you refused to deal with one of these attributes or objects that is a bug. You do have to support the attributes and objects documented in the PKCS #11 v2.x documents. If a list of attributes are requested and you don't recognize all of them, you still need to fill in those attributes you recognize. What affect are you seeing on trying to interoperate? > > Robert Relyea wrote: > >>Hi Priit, >> >>No, you do not have to support those Netscape-specific attributes you >>see (in the vendor specific portion of the space). You do have to >>tolerate searches for these objects and attributes, but it's quite ok to >>say those objects don't exist. If you aren't building a generalized >>storage token, this is probably the correct semantic (you don't need to >>store CRL's or S/MIME cert records -- even to get S/MIME to work). >> >>The only object that might be useful for tokens would be the trust >>attribute. I will be righting up a description of how that works soon, >>and posting it here and to the cryptoki mailing list. >> >>bob >> >>Priit Randla wrote: >> >>> Hello everybody, >>> >>> >>> I'm writing a pkcs11 module for a specific smartcard ( Estonian >>>ID-card ). So far, it kinda works >>>under Netscape 4.7* for both win32&linux. >>>Using fresh Mozilla builds, im having problems i don't quite understand >>>how to approach. >>>Basically, do i have to support those Mozilla-specific >>>classes/attributes i'm seeing in >>> nss-3.3.1/mozilla/security/nss/lib/ckfw/ckt.h? Looks like mozilla >>>keeps searching for objects with those attributes. If yes, then what >>>should i do with them? Also, could some kind person please explain me >>>which functions do i have to program if i'm supporting mechanisms >>>CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_SHA_1 and i'd like both ssl client >>>certs and s/mime to work? >>> >>> >>>Priit Randla >>> >>> >>> >
