Etienne Loupias wrote:
> 
>  Thanks a lot for this answer. Now I understand what was wrong.
> 
>  However, I think there is something wrong in the way Netscape passes the handle to
> the DES3 key in the C_WrapKey function. Indeed, the handle is not a valid handle in
> my token (i.e. no object exists with this handle for my module).
> 
>  In the other case, for the Unwrapping function, Netscape calls the C_CreateObject
> function of my PKCS#11 module before calling my C_UnWrapKey. Then Netscape passes to
> my C_UnWrapKey() the handle to the secret key object it has just created with my
> module. So for unwrapping, I can get the unwrapping key.
> 
>  But for the wrapping, Netscape doesn't call my C_CreateObject before calling my
> C_WrapKey. As I understand it, maybe the handle to the wrapping key refers to the
> Netscape softtoken, because it hasn't called my C_CreateObject.
> 
>  Have you experienced this problem? Could it be a bug of my Netscape version (I use
> Communicator 4.75 on Win98). Is there a way to access the secret key in Netscape key
> database ?
> 
>  I hope this is not too much OT and that you can tell me what you think of this.

I suspect this is a bug in Netscape's PKCS#11 implementation.

Are you returning the DES3 mechanism in the list of supported
mechanisms? I believe Netscape will try to use 3DES for private key
export even if the library doesn't handle it.

You might also see if adding the PKCS#12 derivation mechanisms causes it
to try to derive a key.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
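
A module-side illustration of the two points raised in this thread, added here as an example (not code from the original posts, from Netscape, or from OpenSSL): report only the mechanisms the token implements, and have the wrap path reject a wrapping-key handle the token never issued with CKR_WRAPPING_KEY_HANDLE_INVALID. The typedefs, the handle table and the function names mech_list and check_wrap_request are assumptions standing in for pkcs11.h and a real module's object store.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the pkcs11.h types/constants used here (standard values),
 * so the example builds without the Cryptoki headers. */
typedef unsigned long CK_ULONG, CK_RV, CK_OBJECT_HANDLE, CK_MECHANISM_TYPE;
#define CKR_OK                          0x00000000UL
#define CKR_MECHANISM_INVALID           0x00000070UL
#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL
#define CKR_BUFFER_TOO_SMALL            0x00000150UL
#define CKM_RSA_PKCS                    0x00000001UL
#define CKM_DES3_CBC                    0x00000133UL

/* Constructed sample state: handles this token issued (e.g. via C_CreateObject). */
static const CK_OBJECT_HANDLE token_objects[] = { 0x1001UL, 0x1002UL };
/* Mechanisms the module really implements; list CKM_DES3_CBC only if it does. */
static const CK_MECHANISM_TYPE token_mechs[] = { CKM_RSA_PKCS, CKM_DES3_CBC };
#define N_MECHS (sizeof token_mechs / sizeof token_mechs[0])
#define N_OBJS  (sizeof token_objects / sizeof token_objects[0])

/* Same calling convention as C_GetMechanismList: NULL list = size query. */
CK_RV mech_list(CK_MECHANISM_TYPE *list, CK_ULONG *count)
{
    CK_ULONG i, have = *count;
    *count = N_MECHS;
    if (list == NULL) return CKR_OK;
    if (have < N_MECHS) return CKR_BUFFER_TOO_SMALL;
    for (i = 0; i < N_MECHS; i++) list[i] = token_mechs[i];
    return CKR_OK;
}

/* Checks a C_WrapKey implementation makes before touching any key material. */
CK_RV check_wrap_request(CK_MECHANISM_TYPE mech, CK_OBJECT_HANDLE hWrappingKey)
{
    size_t i, mech_ok = 0, handle_ok = 0;
    for (i = 0; i < N_MECHS; i++) if (token_mechs[i] == mech) mech_ok = 1;
    for (i = 0; i < N_OBJS; i++)  if (token_objects[i] == hWrappingKey) handle_ok = 1;
    if (!mech_ok)   return CKR_MECHANISM_INVALID;
    /* A handle from another token (e.g. the caller's soft token) lands here. */
    if (!handle_ok) return CKR_WRAPPING_KEY_HANDLE_INVALID;
    return CKR_OK;
}

int main(void)
{
    /* 0x7fff is a constructed handle that this token never issued. */
    printf("foreign handle -> %#lx\n", check_wrap_request(CKM_DES3_CBC, 0x7fffUL));
    printf("own handle     -> %#lx\n", check_wrap_request(CKM_DES3_CBC, 0x1001UL));
    return 0;
}
```

Logging the rejected handle value alongside the return code makes it easy to see when an application is passing handles that belong to a different token.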
