Thank you very match! How can i call function in the softoken3. when i call the C_Initialize,how can i set the pk11_parameters?
I don't know why test failed at DECRYPT step. I generate key pair use smartcard RSA engine. so the newly generated key pair will be considered valid. NS will use the C_GetAttribuerValue to get the public key . He will use this public key encrypt the message. and Send me the result to Decrypt. but i can't get the right Value. When i send public key to NS, I must do pading or completed valid block ? built in big-endian on a little-endian computer? if the public key is: 64 f6 46 3a 97 2e 83 38 09 57 43 cb ca 41 59 0d 03 35 d6 e4 36 6f 2c fc 63 43 95 c4 fd e2 c4 ed 06 da 9a 21 98 fc 0a 6e 3f 1c ad 3a db 7c 83 2f 14 d0 58 80 02 df dc 96 70 09 00 e3 5b bd 2b 45 what is the NS need to be done? Is Ns set the completed encrypt block ? 2a 5c ce fa 60 d4 78 38 62 bb f1 c9 c2 df 2b a8 10 04 00 05 05 02 0d f7 86 48 86 2a 08 06 0c 30 20 30 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01 00 "Nelson B. Bolyard" <[EMAIL PROTECTED]> ??????:[EMAIL PROTECTED] > After generating a key pair, mozilla tests the key pair to ensure that it > works before considering it valid and using it. > > If the newly generated private key has the CKA_DECRYPT attribute set, > mozilla will encrypt some data with the public key and then attempt to > decrypt it on your token with the newly generated private key. If that > fails, mozilla will treat the newly generated key pair as invalid. > I think your test failed at this step. If a module does not implement > C_DecryptInit then it should not set the CKA_DECRYPT attribute on any > generated private key. > > If the newly generated private key has the CKA_SIGN attribute set, mozilla > will attempt to sign some data using the new private key, and then will > attempt to verify the signature using the public key. If that fails, > then the newly generated key pair will be considered invalid. > > Only after these steps succeed will mozilla consider the new key pair valid. > > Note that mozilla will typically NOT use an external token to do the public > key operations, but rather will get the generated public key value and do > the public key operations in NSS's built-in PKCS 11 token. > > -- > Nelson Bolyard Netscape > Disclaimer: I speak for myself, not for Netscape
