Hello,

Since I'm a newbie to cryptography, please do pardon my ignorance here.

I have been desperately trying to find an answer to the issue we are facing.

Setup:

We have 2 Java processes, each using the IAIK PKCS#11 Wrapper (iaik.pkcs.pkcs11) to 
talk to a single shared NSS token (softokn3.dll).

Each of these Java processes is an HTTP Jetty server which creates an 
iaik.pkcs.pkcs11.Session and logs in (at the time the Jetty server starts):

// serial read/write session on the shared token, logged in as the normal user
session = token.openSession(Token.SessionType.SERIAL_SESSION,
                    Token.SessionReadWriteBehavior.RW_SESSION, null, null);
session.login(Session.UserType.USER, XXXX); // XXXX: user PIN placeholder

When the Jetty servers are shut down, the respective iaik.pkcs.pkcs11.Session is closed.

Problem:

We were expecting that when a Java process (Jetty server) updates the token objects

Example: Java process 1 adds a secret key ->

// assumed: the mechanism used for an AES key generation
Mechanism keyGenerationMechanism = Mechanism.get(PKCS11Constants.CKM_AES_KEY_GEN);
AESSecretKey aesKeyTemplate = new AESSecretKey();
aesKeyTemplate.getToken().setBooleanValue(Boolean.TRUE);     // CKA_TOKEN: persist on the token
aesKeyTemplate.getValueLen().setLongValue(Long.valueOf(32)); // CKA_VALUE_LEN, required by CKM_AES_KEY_GEN
AESSecretKey aesKeyNew = (AESSecretKey)
        session.generateKey(keyGenerationMechanism, aesKeyTemplate);


the other Java/Jetty server process 2 would be able to find and retrieve the newly 
added key (added by Java process 1) through its session.

Example: 

AESSecretKey keyTemplate = new AESSecretKey();
keyTemplate.getToken().setBooleanValue(Boolean.TRUE);              // match token objects only
session.findObjectsInit(keyTemplate);
iaik.pkcs.pkcs11.objects.Object[] found = session.findObjects(1);  // fetch the first match
session.findObjectsFinal();                                        // end the search


Unfortunately, that doesn't seem to be the case. I had to restart the 2nd Jetty 
server, and only then was it able to find the key that was added by the 1st Java/Jetty 
process.

Wasn't the underlying token/device getting modified by the 1st Java/Jetty process? 
If so, wouldn't those created token objects be visible throughout all sessions 
from all other processes/applications?

We tried this scenario on a SafeNet HSM instead of NSS and, as expected, the sessions 
of the respective Java processes do get updated. In our opinion, it seems like there's 
something in NSS that we probably need to work with to get this to work.

Please do correct me if I'm thinking wrong. Would truly appreciate help.

Thanks.
Usha
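
The check below is an added example, not code from the original post: it runs the complete IAIK find sequence (findObjectsInit, findObjects, findObjectsFinal) for a token AES key, once through the long-lived session and once through a freshly opened session, so the behaviour described above can be narrowed down to the session or to the module/process without restarting the server. It assumes process 1 gave the key a CKA_LABEL of "shared-aes", the softokn3.dll module path from the post, and a PIN placeholder "XXXX"; the class and method names are hypothetical.

```java
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.AESSecretKey;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
/** Hypothetical helper: is a token AES key with a given CKA_LABEL visible through a session? */
public final class TokenKeyVisibility {
    /** Complete find sequence: findObjectsInit, fetch at most one match, findObjectsFinal. */
    public static boolean isVisible(Session s, String label) throws TokenException {
        AESSecretKey template = new AESSecretKey();
        template.getToken().setBooleanValue(Boolean.TRUE);          // CKA_TOKEN = true
        template.getLabel().setCharArrayValue(label.toCharArray()); // CKA_LABEL filter (assumed label)
        s.findObjectsInit(template);
        try {
            return s.findObjects(1).length > 0;
        } finally {
            s.findObjectsFinal();                                    // always end the search
        }
    }
    /** Same check from a brand-new session on the same token, which is closed afterwards. */
    public static boolean isVisibleInFreshSession(Token token, char[] pin, String label) throws TokenException {
        Session s = token.openSession(Token.SessionType.SERIAL_SESSION, Token.SessionReadWriteBehavior.RO_SESSION, null, null);
        try {
            try {
                s.login(Session.UserType.USER, pin);
            } catch (PKCS11Exception e) {
                // PKCS#11 login state is per application, not per session, so a second login may report this
                if (e.getErrorCode() != PKCS11Constants.CKR_USER_ALREADY_LOGGED_IN) throw e;
            }
            return isVisible(s, label);
        } finally {
            s.closeSession();
        }
    }
    /** Run in process 2 after process 1 generated the token key; compares both views. */
    public static void main(String[] args) throws Exception {
        Module module = Module.getInstance("softokn3.dll");           // module named in the post
        module.initialize(null);
        Token token = module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT)[0].getToken();
        Session longLived = token.openSession(Token.SessionType.SERIAL_SESSION, Token.SessionReadWriteBehavior.RW_SESSION, null, null);
        longLived.login(Session.UserType.USER, "XXXX".toCharArray());  // PIN placeholder
        System.out.println("long-lived session: " + isVisible(longLived, "shared-aes"));
        System.out.println("fresh session:      " + isVisibleInFreshSession(token, "XXXX".toCharArray(), "shared-aes"));
        longLived.closeSession();
        module.finalize(null);
    }
}
```

If the fresh session finds the key while the long-lived one does not, the stale view belongs to the session; if neither finds it until the process restarts, the state is held at module/process level.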

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
