David Stutzman wrote:
> Biswatosh wrote:
>> A small question.  Suppose one NSS user migrates to another
>> application of NSS and wants to  retain his certs and keys kept in
>> the  cert and key database (cert8.db  and  key3.db) of the first
>> application.  Is it enough then, to just copy these two files and not
>> secmod.db ? Or, he needs the secmod.db also?
> 
> Biswatosh,
> 
> You should copy over all 3 of the .db files as they all work together. 
> There isn't really a good reason to only copy 2 of them.

I disagree.

Cert and key DB should be moved/copied as a pair.  It is not necessary to
also move/copy the secmod.db, and indeed doing so may cause problems.

secmod.db contains path names of PKCS#11 modules.  Typically each
application has its own configuration of PKCS#11 modules.  One typically
does not want one application to be using another application's PKCS#11
modules.  When that happens, and you remove/uninstall one application whose
PKCS#11 modules are being used by another, you break the other applications.

We see this from time to time when a Firefox user copies his secmod.db to
a Thunderbird profile (or vice versa) then installs a new copy of FF in a
different directory and uninstalls the old copy.  Then TB stops working
because its secmod.db references the PKCS#11 module in the (now removed)
FF directory.

FF users who are trying to copy those files from one "profile" to another
should copy the cert and key DBs and also the file of encrypted passwords,
but not secmod.db.

-- 
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
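
The copy described in the message above, as an added shell example that is not part of the original post or of NSS: it moves cert8.db and key3.db as a pair and leaves the destination's own secmod.db in place. The function name `copy_nss_pair`, its return codes and the optional extra-file arguments (for example the profile's encrypted-passwords file, whose name the caller supplies) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not an NSS tool).
# copy_nss_pair SRC_DIR DST_DIR [EXTRA_FILE...]
# Returns: 0 ok, 1 bad arguments, 2 source file missing,
#          3 destination already has a cert/key DB, 4 copy failed.
copy_nss_pair() {
    [ "$#" -ge 2 ] || return 1
    src=$1; dst=$2; shift 2
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then return 1; fi

    # cert8.db and key3.db belong together: refuse to copy half a pair.
    for f in cert8.db key3.db; do
        if [ ! -f "$src/$f" ]; then return 2; fi
    done

    # Never silently overwrite key material already in the destination.
    for f in cert8.db key3.db; do
        if [ -e "$dst/$f" ]; then return 3; fi
    done

    # Validate extras before anything is copied. secmod.db is rejected:
    # it holds PKCS#11 module paths that belong to the source application.
    for f in "$@"; do
        case $f in
            secmod.db|*/*) return 1 ;;
        esac
        if [ ! -f "$src/$f" ]; then return 2; fi
    done

    for f in cert8.db key3.db "$@"; do
        cp -p "$src/$f" "$dst/$f" || return 4
        chmod 600 "$dst/$f" || return 4   # owner-only for key material
    done
    return 0
}
```
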
