On Mon, Jul 7, 2008 at 8:17 AM, avih <[EMAIL PROTECTED]> wrote: > > Also, I tried using softokn3.dll copied to a new directory (from > Firefox 3 installation) as a starting point. After it complained while > loading, I added more and more files untill it loaded properly. I > ended with the following files in a clean directory: > > softokn3.dll > freebl3.chk > mozcrt19.dll > nspr4.dll > nssutil3.dll > plc4.dll > plds4.dll > softokn3.chk > sqlite3.dll
Yes, this is the correct list of files you need to use softokn3.dll as a standalone PKCS #11 library. There is an optional DLL nssdbm3.dll for accessing the old Berkeley DB. (Firefox 3 is still using nssdbm3.dll.) mozcrt19.dll is only needed when you use the NSS binaries from a Firefox 3 installation. If you build NSS from source code, you won't need mozcrt19.dll. > The dll now loads ok, I got the function list pointer ok, but every > pFunctionList->C_Initialize(&ArgsInitialize) call that I tried (both > valid and invalid combination of arguments) returns with an error code > 48 (CKR_DEVICE_ERROR). > > I've read about a config file, but couldn't quite understand if it > only relates to java binding, how to use such file, I've read about > pointing it to a db file, but couldn't quite find examples of such > usages, and generally, how to make the dll load properly, initialize > and function as a working pkcs11 front-end with a soft-token back-end. The following wiki page documents how to initialize the NSS softoken for the FIPS mode of operation: http://developer.mozilla.org/en/docs/FC_Initialize The key difference is that you need to use NSS's extended CK_C_INITIALIZE_ARGS structure, which has a LibraryParameters field. The wiki page has two examples of the LibraryParameters strings, with a link to the specification of that string. In the NSS source tree, pk11mode.c is a test program that demonstrates how to use the softoken in FIPS and non-FIPS modes: http://lxr.mozilla.org/security/source/security/nss/cmd/pk11mode/pk11mode.c Finally, you can refer to our FIPS Security Policy (pp. 4-5 and 28-31) for how to use the softoken as a standalone PKCS #11 library: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814 Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
