OK. The public key is obtained from Sun's classes. It is not an NSS key.
For now, the way to create an NSS/PKCS #11 public key is to call
PK11PubKey.fromRaw(). I believe you can call getEncoded() on the key you
got from the Sun class, and pass that as the raw key to fromRaw().

Patrick wrote:
> The public key is gotten from the certificate stored in certFile (in
> base64 encoding). So the logic looks something like:
>
>
> Signature sig =
>     nssToken.getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA1Digest);
>
> InputStream inStream = new FileInputStream(certFile);
> java.security.cert.CertificateFactory cf =
>     java.security.cert.CertificateFactory.getInstance("X.509");
> java.security.PublicKey pubKey =
>     ((java.security.cert.X509Certificate) cf.generateCertificate(inStream)).getPublicKey();
>
> sig.initVerify(pubKey);
>
>
> -- P
>
> "Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED] ...
>
> Patrick wrote:
>
>>Yes it is. The private key is my NSS internal key token (NSS cert db).
>>
>>-- P
>>
> OK, the private key is on an NSS token. But where did the public
> key come from?
>
>>
>>"Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message
>>news:[EMAIL PROTECTED]...
>>
>>>Well, is it a PKCS #11 public key? JSS can only work with keys that it
>>>possesses. You can't give it a public key you created with the JDK.
>>>
>>>Patrick wrote:
>>>
>>>>I get this error when doing a sig.initVerify(pubKey), using JSS'
>>>>Signature:
>>>>
>>>>java.security.InvalidKeyException: publicKey is not a PKCS #11 public key
>>>>at org.mozilla.jss.pkcs11.PK11Signature.engineInitVerify(PK11Signature.java:172)
>>>>at org.mozilla.jss.crypto.Signature.initVerify(Signature.java:95)
>>>>
>>>>when I use Sun's java.security.Signature, I don't get that error...
>>>>
>>>>-- P
>
>
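
Added example, not part of the thread and not JSS code: getEncoded() on a JDK public key returns the X.509 SubjectPublicKeyInfo DER, which wraps an algorithm identifier around the key bits. This JDK-only sketch separates the two, so it is clear which byte string is being handed to an import call such as PK11PubKey.fromRaw(). The class and method names are hypothetical, and the RSA key is generated as a constructed sample instead of being read from certFile.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;

public class SpkiVsInnerKey {
    // Reads the DER header at off; returns {tag, contentOffset, contentLength}.
    static int[] header(byte[] der, int off) {
        int tag = der[off] & 0xff;
        int len = der[off + 1] & 0xff;
        int pos = off + 2;
        if (len >= 0x80) {              // long form: low 7 bits = count of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[pos++] & 0xff);
        }
        if (pos + len > der.length) throw new IllegalArgumentException("truncated DER");
        return new int[] {tag, pos, len};
    }

    // Returns the key bytes carried inside the SubjectPublicKeyInfo BIT STRING.
    static byte[] innerKey(byte[] spki) {
        int[] outer = header(spki, 0);               // SubjectPublicKeyInfo SEQUENCE
        if (outer[0] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int[] alg = header(spki, outer[1]);          // AlgorithmIdentifier SEQUENCE
        if (alg[0] != 0x30) throw new IllegalArgumentException("no AlgorithmIdentifier");
        int[] bits = header(spki, alg[1] + alg[2]);  // subjectPublicKey BIT STRING
        if (bits[0] != 0x03 || bits[2] < 1 || spki[bits[1]] != 0)
            throw new IllegalArgumentException("unexpected BIT STRING");
        // Skip the leading "unused bits" octet of the BIT STRING.
        return Arrays.copyOfRange(spki, bits[1] + 1, bits[1] + bits[2]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; in the thread it comes from the certificate in certFile.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey pubKey = kpg.generateKeyPair().getPublic();

        byte[] spki = pubKey.getEncoded();
        byte[] inner = innerKey(spki);
        System.out.println("format:        " + pubKey.getFormat());
        System.out.println("getEncoded():  " + spki.length + " bytes (SubjectPublicKeyInfo)");
        System.out.println("inner key:     " + inner.length + " bytes, first tag 0x"
                + Integer.toHexString(inner[0] & 0xff));
    }
}
```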