Bug 624547 - attrcrypt should query the given slot/token for
supported ciphers
https://bugzilla.redhat.com/show_bug.cgi?id=624547
Description:
1. To retrieve a certificate from an external token (i.e., not
"internal (software)"), "<token>:<cert_nickname> should have
been passed. The <token> part was missing.
2. The key to be used for encryption and decryption internally
needs to have ENCRYPT and DECRYPT attribute set, respectively.
The correct attributes were not set. Note: these attributes
are automatically set for the softoken in nss, but not for the
external token. This is why attrcrypt worked for the softoken,
but not for the external token. The attributes need to be set
when the key is generated as well as when the key is unwrapped.
3. Adding a code to check if the underlying system supports the
cipher or not before generating a key. If it is not supported,
it issues a message not to choose the cipher for the attrcrypt/
changelog encryption. If none of the ciphers are supported and
if attrcrypt/changelog encryption is enabled, the server fails
to start.