Anders Rundgren wrote: > Hi, > Is there a way of connecting SUN's java pkcs11 driver to FF and > be able to treat all installed security modules as a single unit? > > Pardon if the question is badly phrased, my experience is mainly > with CryptoAPI which is a bit simpler (primitive maybe). > > I have with the following parameters been able to read all soft certs > but it does not get me to the installed smart card drivers: > > name=NSS > library=c:\Program Files\Mozilla Firefox\softokn3.dll > description=NSS PKCS11 > nssArgs="configdir='c:/Documents and Settings/Administrator/Application > Data/Mozilla/Firefox/Profiles/vyaxk8jd.default' > certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly" > slot=2 > > Anders > puzzled
Anders, I'm not sure what you're trying to accomplish, so I will make a guess at it and offer some suggestions based on that guess. I think you're trying to write a program (not any part of FireFox or any other mozilla code) that will use NSS's PKCS#11 module, as well as some number of third party PKCS#11 modules for various hardware devices. You've gotten it to work with NSS's "softoken" PKCS#11 module, but not with other modules (at the same time). Because you mentioned Java, I gather that you're writing this program in Java, and trying to use the new feature of the latest JDK that tries to make PKCS#11 modules look like JCE providers. Unfortunately, I don't know anything about that new Java feature (other than that it exists). (Is that named sunpkcs11 ?) Perhaps there are some other Java crypto developers on this list who can help you. NSS has a lot of code that provides a set of APIs that are quite independent of PKCS#11. You configure NSS to know about all the different PKCS#11 modules that you want to use, and then you call the higher level NSS APIs, and NSS more-or-less magically handles all the PKCS#11 for you. With NSS, it's pretty easy to get a listing of all the certs in all the PKCS#11 modules, regardless of whose modules they are. NSS utility programs, such as certutil, do this quite easily, but they're c programs. For Java, there is a package known as JSS, which is a set of Java classes that use (mostly) Java Native methods to access NSS features. I believe a number of developers on this list have experience with JSS, and might be able to help you with it. There is sample application code for NSS, and also for JSS, in Mozilla's source repository. (NSS and JSS are all open source, in Mozilla's repository.) There is some documentation of NSS on mozilla's web sites. JSS may be better documented than NSS. I *think* the JSS docs are on http://docs.sun.com in JavaDoc format. I hope that some of the Java developers on this list will jump in. Regards, -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
