Re: [Fed-Talk] Apple tokendPKCS11.so - Another fail?
Re: [Fed-Talk] Apple tokendPKCS11.so - Another fail?
- Subject: Re: [Fed-Talk] Apple tokendPKCS11.so - Another fail?
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 3 Sep 2009 15:31:33 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Apple tokendPKCS11.so - Another fail?
On 9/3/09 1:01 PM, "Disiena, Ridley J. (GRC-VO00)[DB Consulting Group,
Inc.]" <email@hidden> wrote:
> The PKCS#11 Shim in Snow Leopard works with our PIV Cards / Authentication
> Certificates with 2048 key size:
> It also works with Safari after a proper identity preference is set.
Safari uses securityd directly, not the PKCS#11 module. I know Safari works
(as much as it did in Leopard, but no better) and that's not a problem for
me. However, I can't get FF to work with the new module and my card.
> Not sure why it isn't working for your CAC. I would test the other
> functionality of the CAC.tokend [ desktop login / filevault user creation with
> tokenadmin] and verify with other web sites and other CAC cards.
I'm actually getting SSL_ERROR_SIGN_HASHES_FAILURE. Running FF with
NSS_DEBUG_PKCS11_MODULE set gives me this:
-1335791616[1a63a0e0]: C_Sign
-1335791616[1a63a0e0]: hSession = 0x2
-1335791616[1a63a0e0]: pData = 0xb061679c
-1335791616[1a63a0e0]: ulDataLen = 36
-1335791616[1a63a0e0]: pSignature = 0x1b8c9240
-1335791616[1a63a0e0]: pulSignatureLen = 0xb06166d8
-1335791616[1a63a0e0]: *pulSignatureLen = 0x80
-1335791616[1a63a0e0]: rv = CKR_FUNCTION_FAILED
This happens when I use both the CAC and PIV tokends (my CAC is a CAC/PIV-II
with RSA1024 PIV certs on it.
-- Tim
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden