Hi all,

I am aware of the problems of storing trust in Hardware-Tokens. I'd
really like to see Bug#154255 fixed.

I tried to work around this fact by *not* storing the CA of my
email-Cert on the token. The CA is in the built-in module and it is
marked as being trusted for identifying web-sites, emails and authors.

Nevertheless, Thunderbird keeps complaining "Unable to sign message.
Please check, that the certificates specified in Mail & Newsgroups
Account are valid and trusted".

What's wrong?

If I view my email-cert, it is being shown with the validation-chain, so
the CA-Cert is found. If I view my CA, it is marked as trusted.

I am using the PKCS#11-driver from OpenSC with a Schlumberger Cryptoflex
32K. Card contents are as follows:

opensc>p15dump
Using libopensc version 0.7.0.
Card detected in reader 'Schlumberger e-gate 0'
Connecting... connected.
ATR = 3B:95:18:40:FF:62:01:02:01:04
Looking for a PKCS#15 compatible Smart Card... found.
PKCS#15 Card [OpenSC Card]:
        Version        : 1
        Serial number  : 0000
        Manufacturer ID: OpenSC Project
        Flags          : EID compliant

Enumerating PIN codes... 1 found.
PIN (no label)
        Com. Flags  : 0x3
        Auth ID     : 01
        Flags       : [0x32], local, initialized, needs-padding
        Length      : min_len:4, max_len:8, stored_len:8
        Pad char    : 0x00
        Reference   : 1
        Encoding    : ASCII-numeric
        Path        : 3F0050154B01

Enumerating Private keys... 1 found.
Private RSA key [Private Key]
        Com. Flags  : 0xD
        Com. Auth ID: 01
        Usage       : [0x32E], decrypt, sign, signRecover, unwrap, derive, nonRepudiation
        Access Flags: [0x0]
        ModLength   : 2048
        Key ref     : 0
        Native      : yes
        Path        : 3F0050154B010012
        ID          : 45

Enumerating Public keys... none found.

Enumerating X.509 certificates... 1 found.
X.509 Certificate [/C=DE/CN=Andreas Marx/emailAddress=Andreas DOT Marx AT neox DOT de]
        Com. Flags  : 0x2
        Authority   : no
        Path        : 3F0050155501
        ID          : 45

Enumerating data objects... none found.

opensc>

[X.509 actually contains correct DN with email-Address as being used in
email-Account]

Any help would be appreciated,

Andreas

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
