I also have successfully used ActivCard Gold's PKCS#11 library successfully with my Communicator browser. However if one were to take that same PKCS#11 library (in the case of ActivCard, that would be their acpkcs.dll) and added it to the NSS secmod db, and then wrote an NSS client app that attempted to read and use the cert of an ActivCard for SSL client authentication, one would probably get the same errors I got: "key not authorized for requested operation", or "unable to digitally sign data required to verify your certificate".
My point is that the commercial PKCS#11 libraries (such as ActivCard Gold) that work fine with Communicator, don't necessarily work with a *non-browser* NSS app. And I can't figure out why. -- P "stephane saux" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Mozilla can use PKCS 11 modules and uses NSS. Cert enrollment, > deletion, change token password, import, client auth, signing and > encrypting have been tested successfully. IButton, and ActivCard Gold > work for example. > > Patrick wrote: > > >About PKCS#11 and NSS: > > > >My NSS app was able to read a cert off a smartcard but *failed* to use > >it for SSL client authentication. I have used a couple of different > >PKCS#11 libraries with NSS, and the error message I get back are: "key > >not authorized for requested operation", or "unable to digitally sign > >data required to verify your certificate". > > > >I then got hold of another version of same PKCS#11 lib (this version > >came as a sample DLL in card provider's SDK, and the documentation > >states: "Warning! The PKCS#11 library shipped with this distribution is > >different from the one shipped with commercial product, offering support > >for Netscape Communicator.". That version of the PKCS#11 lib *worked > >fine* with my NSS app: the app could read *and* use the cert for SSL > >client authentication. The thing I don't get is, what wouldn't the > >first version not work with my NSS app? Especially if it geared to work > >with Communicator, which *is* an NSS app! > > > >Have you experimented any with PKCS#11 modules, and their use in NSS? > > > > > >-- P > > >
