curl-library

Re: issues with pre-login to pkcs11 slots when using NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 12 Jun 2009 16:04:15 +0200

On Friday 12 of June 2009 15:49:37 Claes Jakobsson wrote:
> I don't think it would be necessary to pre-login to any token at all
> since that'll be done automagically via NSS and the handling PKCS#11
> module. If we just import the PEM file to a cert and keep its name
> around we should be fine.
>
> <source chunk removed/>
>
> > I wonder if nss_Init_Tokens() can be eliminated altogether. I
> > suspect that the call to PK11_SetPasswordFunc(nss_get_password) will
> > still be required somewhere.
>
> It'll still be required since that is what is called by
> PK11_FindCertByName with the PinArg set on the socket. I might have
> been a bit unclear on that bit in my mail.
>
> /Claes

If I understand it well enough, you want to replace the call to nss_Init_Tokens()
with a call to PK11_SetPasswordFunc() completely? I'll try it with the NSS
database and PEM cert/key. If it works, then it should be ok. Since I have
no HW token, I'll let you play with that. Thanks in advance!

Kamil
Received on 2009-06-12