Nelson B wrote: ...
What PKCS11 module is it that isn't willing to give out the CKA_MODULUS from the private key? It is a *public* value, after all.
It's the OpenSC pkcs11 module (www.opensc.org). A PKCS#15 hardware token framework in progress, which contains a PKCS#11 module among openssl-engines, LDAP, kmail and mutt S/MIME support, Mozilla signing plugin etc. pp. It used to be a bit weak in supporting NSS.
The hidden reason for the problem here was: The public key partner to the private key was not set inside the module, at the time NSS was asking for the modulus. I proposed a patch, that returned the CKA_MODULUS attribute's length as the modulus bits value, which is available, and the CKA_MODULUS attribute's value as NULL. BUT, OpenSC's Stef had the, even much better, idea to set the public key reference before NSS asks for it. Hereby, I solemnly declare opensc as NSS-ready now ;)
I invite you to (a) file an NSS bug about this in bugzilla (you can use this message for the initial description), and (b) contribute a patch that fixes this problem to your satisfaction by attaching it to the bug report. Really! This is your chance for fame and glory! :)
I wouldn't mind some fame and glory, if I find the time I'll go for it... actually I am building a so called .NET P/Invoke Layer for NSS to give it to the Mono project. I have much mor side work to do just to get a decent number of NSS-compatible PKCS#11 modules and I regard NSS as the reference, since it is a part of Mozilla, the one-and-only widely used PKCS#11 application.
Cheers
Martin
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
