Dear friends of OpenCA,
I have a little question about the key pair generation
process on the PUB module of OpenCA.

I installed a pkcs11 module on Mozilla Firefox to
manage a security device (smart card). With the module
I have been able to import and delete certificates and
generate key pairs successfully.

When I want to generate a CSR on the PUB module of OpenCA
through the "Request a certificate with automatic
browserdetection" link (after filling in the fields of
the form), the browser generates the key pair (inside
the smart card) and the CSR successfully.

My question is: how does OpenCA communicate with the
browser to perform cryptographic functions such as
generating a key pair? (I mean, how does OpenCA interact
with the pkcs11 module installed in the browser?)

In the OpenCA/src/common/lib/cmds/basic_csr file there are
some functions executed according to an "operation"
variable: client-confirmed-form, in which generating a
key pair appears:

...
## add the key
## Delete ^M
my $NEWKEY = $query->param('newkey');
$NEWKEY =~ s/\015|\n//g;
generalError (gettext ("The keygeneration of the browser failed. SPKAC is empty."))
    if (not $NEWKEY);
$spkac .= "SPKAC = $NEWKEY\n";

if( not $req = new OpenCA::REQ (SHELL   => $cryptoShell,
                                GETTEXT => \&i18nGettext,
                                DATA    => $spkac,
                                INFORM  => "SPKAC" )) {
    generalError( gettext("Error while creating REQ object.").
                  "
".$OpenCA::REQ::errval, $OpenCA::REQ::errno );
}
...

...
} else { ## this is server mode
    ## generate keypair
    my $TempDir = getRequired( 'tempdir' );

    ## Get the parameters
    my $keyFile = "$TempDir/key_${$}.pem";

    ## create the key
    if( not $cryptoShell->genKey(
                                 BITS      => $bits,
                                 OUTFILE   => $keyFile,
                                 ALGORITHM => $alg,
                                 PASSWD    => $PASSWD ) ) {
        generalError (gettext ("Cannot create keypair!").
                      "<br>".$OpenCA::OpenSSL::errno,
                      $OpenCA::OpenSSL::errno);
    }
...

Do these functions perform the key pair generation?
And what do these functions use to do that?

best regards

antonio araujo
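
Added example, not part of the original message and not OpenCA code: a Python sketch of what the 'newkey' form value in the first excerpt carries. It strips CR/LF the way basic_csr does and walks the Netscape SignedPublicKeyAndChallenge structure, which holds only the public key, a challenge string and a signature. The function names and the sample blob are constructed for illustration.

```python
import base64

def tlv(tag, body):  # DER encoder, used here only to build the constructed sample
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def inspect_spkac(form_value):
    """Strip CR/LF as basic_csr does, then walk the SignedPublicKeyAndChallenge."""
    cleaned = form_value.replace("\r", "").replace("\n", "")
    if not cleaned:
        raise ValueError("SPKAC is empty")
    der = base64.b64decode(cleaned, validate=True)
    tag, outer, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    pk_tag, pkac, pos = read_tlv(outer)           # PublicKeyAndChallenge
    _, _sig_alg, pos = read_tlv(outer, pos)       # signatureAlgorithm
    sig_tag, sig, pos = read_tlv(outer, pos)      # signature BIT STRING
    spki_tag, spki, p = read_tlv(pkac)            # SubjectPublicKeyInfo
    ch_tag, challenge, p = read_tlv(pkac, p)      # challenge IA5String
    if (pk_tag, sig_tag, spki_tag, ch_tag) != (0x30, 0x03, 0x30, 0x16):
        raise ValueError("unexpected SPKAC layout")
    return {"spki_len": len(spki), "challenge": challenge.decode("ascii"),
            "signature_len": len(sig) - 1}        # minus unused-bits octet

# Constructed sample: placeholder bytes stand in for key, algorithm and signature.
SAMPLE_DER = tlv(0x30, tlv(0x30, tlv(0x30, b"\xaa" * 160)
                           + tlv(0x16, b"constructed-challenge"))
                 + tlv(0x30, b"") + tlv(0x03, b"\x00" + b"\xbb" * 128))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_FORM_VALUE = "\r\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
```

Calling inspect_spkac(SAMPLE_FORM_VALUE) returns the challenge and the sizes of the public-key and signature fields; no private-key field exists in the structure.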


