On 8/26/2011 2:46 AM, helpcrypto helpcrypto wrote:
> 2011/8/25 Douglas E. Engert<deeng...@anl.gov>:
>>
>> The OpenSC pkcs11/pkcs11-display.c has definitions for all these.
>>   #define CKO_NETSCAPE 0xCE534350
>>
>>   #define CKO_NETSCAPE_CRL                (CKO_NETSCAPE + 1)
>>   #define CKO_NETSCAPE_SMIME              (CKO_NETSCAPE + 2)
>>   #define CKO_NETSCAPE_TRUST              (CKO_NETSCAPE + 3)
>>   #define CKO_NETSCAPE_BUILTIN_ROOT_LIST  (CKO_NETSCAPE + 4)
>>
>> There are vendor attributes too.
>
> These are the values I'm talking about... I guess somewhere must be
> documented what they are for.

PKCS#11 allows for vendor-defined objects and attributes, and NSS implements
some soft tokens that can support storing of CA certs, with TRUST, and CRLs
and other objects or attributes needed by NSS.

You can find the documentation and source for NSS here:

http://www.mozilla.org/projects/security/pki/nss/

In Release 3.12 the names are changed from CKO_NETSCAPE_ to CKO_NSS_
with the same values:

http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-release-notes.html

In the NSS CVS source these are defined in
  ./mozilla/security/nss/lib/util/pkcs11n.h


>
>>
>> Looks like looking for a CRL.
>>
>> When OpenSC PKCS#11 sees these, it returns 0 objects and CKR_OK
>
> I don't know in OpenSC, but it doesn't matter if I return 0+CKR_OK or not.
> It still asks many times.

See this thread:
http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg08609.html

One of the NSS developers says you can return CKR_INVALID_ATTRIBUTE
and it might stop asking.


>
>>
>> Add to the environment something like this:
>>
>> PKCS11SPY=/opt/smartcard/lib/your-pkcs11.so
>> PKCS11SPY_OUTPUT=/tmp/tb.spy.txt
>>
>>
>> You can use the OpenSC pkcs11-spy.so with TB and your own PKCS#11 module.
>> Make the pkcs11-spy.so or pkcs11-spy.dll the security device.
>>
>>
>>
>> When OpenSC PKCS#11 sees these, it returns 0 objects and CKR_OK
>>
>
> Thanks a lot for your help.
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
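
The following C example is added here and is not part of the original message, nor OpenSC or NSS code. It shows how a PKCS#11 module could recognise the vendor-defined object classes quoted above in a C_FindObjectsInit search template, so it can report zero matches. The type definitions are minimal stand-ins for pkcs11.h, and `nss_class_name` and `template_wants_vendor_class` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for pkcs11.h so this compiles alone (assumption:
 * a real module uses the types from its PKCS#11 headers instead). */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;

#define CKA_CLASS          0x00000000UL
#define CKO_CERTIFICATE    0x00000001UL
#define CKO_VENDOR_DEFINED 0x80000000UL
/* Value quoted in the thread: CKO_VENDOR_DEFINED | 0x4E534350 (ASCII "NSCP"). */
#define CKO_NETSCAPE       0xCE534350UL

/* Name of an NSS vendor object class, or NULL if cls is not one of the
 * four classes listed in the thread. */
const char *nss_class_name(CK_ULONG cls)
{
    static const char *names[] = { "CKO_NETSCAPE_CRL", "CKO_NETSCAPE_SMIME",
        "CKO_NETSCAPE_TRUST", "CKO_NETSCAPE_BUILTIN_ROOT_LIST" };
    if (cls <= CKO_NETSCAPE || cls > CKO_NETSCAPE + 4)
        return NULL;
    return names[cls - CKO_NETSCAPE - 1];
}

/* Hypothetical helper: returns 1 if the search template asks for a
 * vendor-defined class, so the module can report zero matches. */
int template_wants_vendor_class(const CK_ATTRIBUTE *tmpl, CK_ULONG n, CK_ULONG *cls_out)
{
    for (CK_ULONG i = 0; i < n; i++) {
        if (tmpl[i].type != CKA_CLASS || tmpl[i].pValue == NULL ||
            tmpl[i].ulValueLen != sizeof(CK_ULONG))
            continue;                       /* not a well-formed CKA_CLASS entry */
        memcpy(cls_out, tmpl[i].pValue, sizeof(CK_ULONG));
        return (*cls_out & CKO_VENDOR_DEFINED) != 0;
    }
    return 0;                               /* no class constraint in template */
}

int main(void)
{
    CK_ULONG want = CKO_NETSCAPE + 1, cls = 0;   /* constructed sample template */
    CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &want, sizeof want } };
    if (template_wants_vendor_class(tmpl, 1, &cls))
        printf("0x%08lX (%s): report 0 objects, CKR_OK\n", cls, nss_class_name(cls));
    return 0;
}
```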