Your choices are: (a) try to generate a session object, or (b) try to generate a token object in the "Certificate DB" token (which might work).
OK, I'll give that a try. Presumably I have to use C_Login to gain write access to that token? I have written another mini test program and login to that token, which succeeds, however the token still has CKF_WRITE_PROTECTED set from C_GetTokenInfo.
For the Certificate DB slot?
I encourage you to take a look at http://lxr.mozilla.org/mozilla/source/security/nss/lib/softoken/pkcs11.c#2922
which is the source to NSS's C_GetToken Info. You'll see that this function
returns one of four combinations of flags:
1. CKF_RNG | CKF_WRITE_PROTECTED | CKF_THREAD_SAFE;
2. CKF_THREAD_SAFE | CKF_LOGIN_REQUIRED;
3. CKF_THREAD_SAFE | CKF_USER_PIN_INITIALIZED;
4. CKF_THREAD_SAFE | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
The WRITE_PROTECTED flag is only (and always) set for a slot that doesn't have an open key DB. So, either (a) you're checking the "Generic" slot, or (b) the key DB really isn't open in the Certificate DB slot.
-- Nelson B
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
