Hi everybody. I'm developing a PKCS11 module, and now I'm carrying out
some tests requesting personal certificates to a proper PKI, and using
the pkcs11 module to import the new certificate, private key and CA
certificates to a smartcard.
Well, when I request a new personal certificate using Mozilla, NSS
indicates to the pkcs11 that a new key pair must be generated. A new
private key is generated then in the smartcard, and a new private key
token object replaces the old.
When the cert request has been validated and I try to import the new
certificate, NSS indicates to pkcs11 module to create a new certificate
token object (C_CreateObject() method is invoked).
Well, arrived at this point my question is: why it doesn't happen the
same with the CA certificate when I Try to import it?. Why nss doesn't
generates a new order's sequence to create a new certificate object
which corresponds to the CA certificate?. The only Mozilla does is to
import it to its database.
Regards,
Antonio.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
