Thank you for your input. It is a pity, some general non-Netscape-related
tasks (e.g. opening an SSL socket using certificate/keys on a
card) are so nice to implement with JSS, while other trivial tasks are
(close to) impossible.
I guess the key is located based on the ID, calculated by
PK11_MakeIDFromPubKey.
I see your address is @netscape.com, the following might be of interest
to you: I came across a piece of code which looks quite like a bug:
in the body of GenerateCertRequest(...) in PK11Token.c:
    if( GenerateKeyPair(env, ktype, slot, &pubk, &privk, keysize,
            dsaParams) != SECSuccess) {
    #ifdef DEBUG
        printf("Error generating keypair.");
    #endif
    }
    #ifdef DEBUG
    printf("before make_cert_request");
    #endif
    req = make_cert_request (env, subject, pubk);
If GenerateKeyPair fails, an error message is output and nevertheless
make_cert_request is called with pubk = 0, and then it uses that null
pointer, causing an access violation - at least that is what happened
when I called the function and the token was full.
Regards,
Assen
Jamie Nicolson <[EMAIL PROTECTED]> wrote in message
news:<[EMAIL PROTECTED]>...
> importCertxxx() puts the certificate on whichever token contains the cert's private
> key. This is a holdover from the days of Communicator, when you would go to
> Verisign, generate the key, then later get the cert and import it.
>
> I don't think there's a way to do what you want with NSS. Generally, NSS performs
> high-level, application-specific functions and doesn't allow such fine-grained
> control. This way application developers who don't understand the intricacies of
> the NSS implementation are less likely to shoot themselves in the foot.
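
The control flow the bug report calls for, as an added example that is not part of the original post and is not NSS or JSS code: a failed key generation returns an error before any request is built, and the request builder rejects a null key. All types and functions are hypothetical stand-ins, and the full token is modelled by a constructed counter.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the types and helpers named in the post. */
typedef enum { ST_SUCCESS = 0, ST_FAILURE = -1 } Status;
typedef struct { int free_objects; } Slot;   /* constructed token model */
typedef struct { int bits; } Key;
typedef struct { int key_bits; } CertRequest;

/* Fails and leaves both out-pointers NULL when the token has no room. */
static Status generate_key_pair(Slot *slot, int bits, Key **pubk, Key **privk) {
    *pubk = *privk = NULL;
    if (slot->free_objects < 2) return ST_FAILURE;   /* token full */
    *pubk = malloc(sizeof **pubk);
    *privk = malloc(sizeof **privk);
    if (*pubk == NULL || *privk == NULL) {
        free(*pubk); free(*privk);
        *pubk = *privk = NULL;
        return ST_FAILURE;
    }
    (*pubk)->bits = (*privk)->bits = bits;
    slot->free_objects -= 2;
    return ST_SUCCESS;
}

/* Defence in depth: refuse a NULL key instead of dereferencing it. */
static CertRequest *make_request(const Key *pubk) {
    if (pubk == NULL) return NULL;
    CertRequest *req = malloc(sizeof *req);
    if (req != NULL) req->key_bits = pubk->bits;
    return req;
}

/* Corrected flow: a key generation failure ends the function. */
static Status generate_cert_request(Slot *slot, int bits, CertRequest **out) {
    Key *pubk = NULL, *privk = NULL;
    *out = NULL;
    if (generate_key_pair(slot, bits, &pubk, &privk) != ST_SUCCESS)
        return ST_FAILURE;               /* do not fall through */
    *out = make_request(pubk);
    free(pubk); free(privk);             /* model: release key handles */
    return *out != NULL ? ST_SUCCESS : ST_FAILURE;
}

int main(void) {
    Slot full = {0};                     /* constructed: token with no room */
    CertRequest *req;
    return generate_cert_request(&full, 1024, &req) == ST_FAILURE ? 0 : 1;
}
```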