Subrata Mazumdar wrote, On 2008-02-28 17:18:

> I have two questions about configuration of PKCS#11 module in Firefox 3:
> 
>   - is there any documentation on how to configure MS CAPI as PKCS#11 
> module in Firefox 3 and certutil?

MS CAPI is not a PKCS#11 module, and cannot be configured to be a PKCS#11
module.  MS CAPI uses MS's own crypto API.

One of the NSS developers has done some work to write a PKCS#11 module
that interfaces to MS CAPI.  That work is not (yet) an official part of
NSS, and is not supported (we don't take bug reports on it).  Perhaps the
author will give us a status update on that work here in this newsgroup.

>   - Also, is it possible to configure NSS softoken as PKCS#11 module
> (like we do in Java to access NSS) within NSS?

Uh, NSS's softoken is always configured in NSS, by default.  NSS can't run
without its softoken, AFAIK.

> My motivation is to access the keys/certs from profiles other than
> current profile of the browser.

Ah, you want to configure softoken to use a different set of databases
rather than, or in addition to, the default.

The "rather than" case is pretty easy.  The NSS library initialization
functions (named NSS_Init*) all take an argument which is the path name
of a directory in which the DBs are to be found.  You just initialize
NSS pointing to a different set of DBs.

The "in addition to" case is probably a little trickier, and may not work.
There is a function named SECMOD_OpenUserDB by which an application can
ask NSS to open another PKCS#11 slot/token in the softoken module, after
NSS has been initialized, using the DBs from a different directory.  See
http://lxr.mozilla.org/security/ident?i=SECMOD_OpenUserDB

Unfortunately, there are no test programs or example code that
use SECMOD_OpenUserDB, and it is not tested as part of our ongoing
automated QA.  So it may or may not work, and isn't really supported
just yet, but may be by the time that NSS 3.12 is officially released.

/Nelson
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
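
The two cases described in the message above ("rather than" and "in addition to"), as an added example that is not part of the original post or of the NSS sources. It assumes the softoken parameter names `configdir`, `tokenDescription` and `flags=readOnly` for the module spec string, uses a constructed token label, and refuses directory names containing quote characters so a path cannot change the spec; the NSS calls are compiled only with `-DUSE_NSS`.

```c
/* Added example. With NSS: cc -DUSE_NSS demo.c $(pkg-config --cflags --libs nss) */
#include <stdio.h>
#include <string.h>
#ifdef USE_NSS
#include <nss.h>
#include <pk11pub.h>
#endif

/* Accept only values that cannot end the quoted field of a module spec early. */
static int spec_safe(const char *s) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (*s == '\'' || *s == '"' || *s == '\\' || (unsigned char)*s < 0x20)
            return 0;
    return 1;
}

/* Write a read-only softoken spec for SECMOD_OpenUserDB; 0 on success, -1 on
 * an unsafe value or a buffer that is too small. */
int build_userdb_spec(char *out, size_t cap, const char *dir, const char *label) {
    if (!spec_safe(dir) || !spec_safe(label)) return -1;
    int n = snprintf(out, cap,
                     "configdir='%s' tokenDescription='%s' flags=readOnly", dir, label);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(int argc, char **argv) {
    char spec[1024];
    /* "Other profile" is a constructed label, not a value from the post. */
    if (argc != 3 || build_userdb_spec(spec, sizeof spec, argv[2], "Other profile")) {
        fprintf(stderr, "usage: %s <primary-db-dir> <extra-db-dir>\n", argv[0]);
        return 2;
    }
    puts(spec);
#ifdef USE_NSS
    /* "Rather than": NSS_Init opens the DBs in the given directory read-only. */
    if (NSS_Init(argv[1]) != SECSuccess) return 1;
    /* "In addition to": ask softoken for one more slot backed by the other DBs. */
    PK11SlotInfo *slot = SECMOD_OpenUserDB(spec);
    if (slot) {
        printf("opened token: %s\n", PK11_GetTokenName(slot));
        SECMOD_CloseUserDB(slot);
        PK11_FreeSlot(slot);
    } else {
        fprintf(stderr, "SECMOD_OpenUserDB failed\n");
    }
    NSS_Shutdown();
#endif
    return 0;
}
```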