User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:184.108.40.206) Gecko/20060921 Ubuntu/dapper-security Firefox/220.127.116.11 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:18.104.22.168) Gecko/20060921 Ubuntu/dapper-security Firefox/22.214.171.124 When I try to generate a signing key with a CA to my Aladdin eToken, it fails, because eToken allows only to generate signing OR encryption keys, not both. (actually there is a workaround called split key). Reproducible: Always Steps to Reproduce: 1. get an eToken 2. configure it with opensc-pkcs11.so 3. try to generate a key with a CA Expected Results: libnss should set CKA_ENCRYPT or CKA_DECRYPT attribute at least in the pPrivateKeyTemplate attribute of C_GenerateKeyPair. Yes, I guess that there is not interface yet to figure the key usage out. It could be made an optional attribute of the keygen tag, and if it is missing, then could be asked from the user, just like the key length. (I tried to report this bug once today, but could not find it. Sorry if it reported twice.)
I have several eToken devices, and they all work fine with NSS. I wonder why they work for me and not for the reporter.
Assignee: nobody → kaie
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Summary: Key generation with chipcard gives wrong key usage → Cannot specify key usages with KEYGEN tag
Version: unspecified → 1.9.0 Branch
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Resources are not being allocated to improve keygen.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.