We are working on a PKCS#11 module for the MozillaBrowser (using 1.6) for secure email.
On our side we have a smartcard which performs the cryptographic operations for signing and unwrappingKey.
Our Card is a JavaCard, so we have to work with Java on the one side and C on the pkcs#11 side. Between them we convert the data using Hex-representation.
What is working is:
We have two certificates(one for signing and one for decryption) on the card, which are correctly shown in the 'ManageCertificates' MenueFolder.
We can choose these certificates in the Secuirty/Mail-News-Preferences.
The UnwrappingKey operatiopns works correctly, so we are able to decrypt an encrypted mail.
We have problems on the signing side:
- Our cards support a signing operation with a private key.
- Mozilla can�t verify the signed mails and says that the signature is invalid.
- We have a logging mechanism which shows us the pkcs#11 operations and its parameters.
- Mozilla calls C_FindObjectsInit-method just asking for a CKA_VALUE, this value seems not to match with one of our Objects. Do You know which object could be requested by mozilla?
- If we give (in the above case) mozilla the signing certificate, signing seems to work, but the signature can not be verified.
- We used an ASN.1 converter to observe the signed mail. It seems that the messageDigest in that file is different from the one we get in the C_Sign-method.
- Mozilla asks for the modulus of the private key, we give it the modulus of the public key, which should be the same. Can You tell us for what mozilla is using the modulus? (We are not sure if our conversion from the Java BigInteger Class to the C side CK_BYTE is correct.) Do You know how mozilla represent the modulus)
We can give it a 129 Byte 2's Complement or a 128 Bytes 2's Complement without a Signum.
We tried to verifiy the mail with openssl, this programm tells us that the blocksize of the signed mail is incorrect (not 01),. Can You tell us what this could meant, or is there a case where we have to set the blocksize in the pkcs#11 module?
thanx in advance.
Christopher and Sebastian _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
