USB does actually have a PKCS#10 device reader profile.  If you were
to extend that by adding a generic "oh, it also has a device in a slot
that performs these functions" layer that was exposed through the
device-reader profile, it would be universal -- and universally
implemented in the platform itself.

-Kyle H

On Thu, Jul 2, 2009 at 3:16 AM, Anders
Rundgren<anders.rundg...@telia.com> wrote:
> I can't help you with the specific problem [:-(] but I can "help" you
> with a diagnostic at least.  Which is?  Smart card vendors have
> spent decades on fighting each other on the spec/middleware
> side and naturally we all have to pay the price.
>
> Tokens for consumers have therefore been [rightfully] rejected on
> the pragmatic US market.
>
> Is there a workaround?  Yes, instead of chasing middleware issues
> another 10 years or so, I think that "the authentication people" including
> Mozilla should define a token with a standard interface that is included
> in the platform itself regardless if that is Firefox or Windows.
>
> The opposite to that is the OpenSC project where every card
> profile, vendor, and local country variation is treated as "feature",
> while it from a usability point-of-view is really more like a "bug".
>
> Anders
>
> ----- Original Message -----
> From: "Udo Puetz" <inexg...@googlemail.com>
> Newsgroups: mozilla.dev.tech.crypto
> To: <dev-tech-crypto@lists.mozilla.org>
> Sent: Thursday, July 02, 2009 11:58
> Subject: Problem reading certificate from hardware token
>
>
> Hi all,
> I've googled to and fro and have only found another poster having
> roughly the same problem as I. The situation is this:
> I want to authenticate against a juniper SA 2500 firewall with a user
> and password AND a certificate. I have a safenet iKey 1032 token where
> I imported the p12 certificate. In firefox (tried 2.0.x, 3.0.x and
> 3.5.x) I imported the safenet K1PK112.DLL PKCS#11 module. In the
> firefox cryptography module manager I now see the token and can (after
> entering the pin) see the certificate. So firefox _can_ read the
> certificate off of the token.
> But when I go to the juniper firewall website I get the error message
> that the certificate can't be found.
> When I (for testing) take out the token and import the p12 certificate
> directly into the firefox certificate store I can authenticate against
> the juniper firewall website with user and pass and the certificate.
> So the problem seems to be that in the crypto module manager firefox
> can read a certificate off of a token and can't read it off when
> queried by a website.
> Where would you think is the problem? Is it within firefox or a
> problem with the third-party pkcs#11 module? (I'm also in contact with
> the safenet folks)
> Thanks a lot,
> regards
> Udo Puetz
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto