robert dugal wrote:
> I want to configure Firefox 1.5 to use my own PKCS11 provider as the
> default for all algorithms supported by my provider. I cannot appear to
> do this from the "Device Manager" dialog as that dialog has no way to
> set specify which algorithms should default to my library. The NSS
> utility modutil has the ability to install the p11 provider and
> configure which algorithms are default. Unfortunately modutil is not
> distributed with Firefox. When I got the v1.5 source tarball modutil
> source is there but I cannot get it to build. I tried several different
> binary releases NSS (3.9, 3.10, 3.11) but in all cases modutil only
> allows specifying some algorithms as the default mechanisms. AES is not
> one of these so the internal NSS provider always ends up being the default.

You found a bug! AES wasn't added to modutil when it was added to
everything else in NSS. Please file a bug about this in
bugzilla.mozilla.org, product NSS, component tools. And CC me in the bug
report. (Remove NO and SPAM from my email address to get the real one)

I will enter the modutil bug report today. I tried modifying modutil to set
the AES bit and it appears to set the bit in the database but Firefox still
doesn't appear to use my provider as default for AES so there is probably
some additional coding changes required. I haven't had enough time to debug
it yet to see what is going wrong.

> Is there any other way to configure my provider as the default?

Is the -jar installation command still supported with modutil? I have not
been able to figure out how to get it to work. I tried using the jar file
built in security/nss/lib/fortcrypt but it doesn't appear to install either.
Is there any way to use XPInstall to install and configure my provider? A
solution not requiring modutil would be preferable.

Are you sure that's really what you want to do? Does your module implement
all the SSL-related PKCS#11 mechanisms? If not, it may be necessary to move
keys from one module to another, which is typically quite costly (in terms
of performance).

--
Nelson B

My provider does implement almost every algorithm that NSS does. It
currently doesn't do the SSL/TLS mechanisms but I will be adding them too.
It doesn't support the NSS vendor specific attributes that the NSS softtoken
does but I'm hoping they aren't necessary. The provider implements
additional algorithms that are not in NSS and I am modifying Firefox to
support some new ciphersuites for NSA Suite B cryptography, which will be
defined in a soon to be published IETF draft.

Rob
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto