Jaime Hablutzel Egoavil
Apr 10, 2013, 10:45:27 PM
Today I realized that a buggy PKCS#11 module for a cryptographic token I'm working with is returning the wrong private key for a given certificate. When calling org.mozilla.jss.CryptoManager#findPrivKeyByCert for 'cert 1', the private key for 'cert 2' is returned; my software then generates a signature using the 'cert 2' private key (thinking it is the private key for 'cert 1'), and later validation fails. I will talk seriously with my cryptographic token provider, but in the meantime I would like to validate that a private key matches the public key in the certificate before generating a signature.
I've done this before with something like:
    if (privKey.getModulus().equals(((RSAPublicKey) x509Cert.getPublicKey()).getModulus())) {
        // priv key matches public key in certificate
    }
but JSS is returning null for the modulus in its org.mozilla.jss.pkcs11.PK11RSAPrivateKey.
So, two questions actually:
1. Why is JSS returning null for the modulus? I thought it could be made public even for a hardware token.
2. Alternatives for matching a private key to a certificate?
Thanks
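
One check that does not depend on reading the modulus from the private key, shown as an added example that is not part of the original post or of JSS: sign a fresh random challenge with the private key and verify it with the certificate's public key. The class and method names are hypothetical, the keys are assumed to be RSA, and two software key pairs stand in for the token keys behind 'cert 1' and 'cert 2'.

```java
import java.security.*;

public class KeyPairMatchCheck {

    // Hypothetical helper (not a JSS API): the private key is only used to
    // sign, so it works for opaque token keys whose modulus is not readable.
    static boolean privateKeyMatches(PrivateKey privKey, PublicKey certPubKey)
            throws GeneralSecurityException {
        // A fresh random challenge, so no real document is signed by the test.
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);

        // Assumption: RSA keys. With a hardware token, request the Signature
        // from the provider that owns the key handle.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privKey);
        signer.update(challenge);
        byte[] sig = signer.sign();

        // In the real flow, certPubKey is x509Cert.getPublicKey().
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(certPubKey);
        verifier.update(challenge);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            // Treat a verification error as a mismatch: refuse to sign.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: software key pairs standing in for the
        // keys behind 'cert 1' and 'cert 2'.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair cert1 = gen.generateKeyPair();
        KeyPair cert2 = gen.generateKeyPair();

        System.out.println("cert 1 key vs cert 1: "
                + privateKeyMatches(cert1.getPrivate(), cert1.getPublic()));
        System.out.println("cert 2 key vs cert 1: "
                + privateKeyMatches(cert2.getPrivate(), cert1.getPublic()));
    }
}
```

Running the check once per key lookup, before the real signature is produced, costs one extra private-key operation on the token.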