On Tue, Jul 8, 2008 at 8:53 AM, avih <[EMAIL PROTECTED]> wrote:
>
> Still couldn't manage to C_Initialize. I copied the entire
> initialization sequence from pk11mode.c, and it still always returns
> CKR_DEVICE_ERROR.
>
> I tried without any CLI args (default values), tried the Mozilla line of
> library initialization (copied from the FC_Initialize wiki page),
> while pointing the path to a new directory that I created that contains
> all of the profile files (without any subdirectories), added the
> nssdbm3.dll because when I pointed it to a Firefox profile, it would
> probably use the Berkeley DB files of Firefox (cert8, key3, secmod?),
> tried both FIPS and non-FIPS modes ([F]C_GetFunctionList), all to no
> avail. It always fails to initialize with the same error value.

The only suggestion I have is to check that you have all
the required files.  I suggest that you first try NSS 3.11.4
(with its dependency NSPR 4.7.4):
https://ftp.mozilla.org/pub/nspr/releases/v4.6.4/
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/
and follow the instructions in the NSS 3.11.4 FIPS Security Policy:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp814.pdf

After you get that working and gain some familiarity with NSS,
we can then switch to NSS 3.12 (the NSS version in Firefox 3).

> Also, what I've done so far was trial-and-error stuff. I'd still
> appreciate a more complete procedure to create such a standalone
> soft-token PKCS#11 instance.
>
> i.e.:
>
> 1. What minimal set of DLL/DB/other files should I use (let's keep the
> discussion to a Firefox 3 installation, possibly with a new user profile
> as the base for these files) and where should I put them?

This should be the files documented in the NSS 3.11.4 FIPS
Security Policy.  For Firefox 3/NSS 3.12, add the following new
files:
- nssutil3.dll
- nssdbm3.dll
- sqlite3.dll

> 2. Can I use no DB files and let the library create them on the fly?
> What are the consequences? Can I use the Firefox DB files instead? What
> are the implications/limitations of that? What should I know about those
> DB files?

If there are no DB files, the C_Initialize call should create blank
DB files on the fly.

For standalone NSS softoken, you don't need secmod.db.  You only
need cert8.db and key3.db.

> 3. What possible/minimal-set values of LibraryParameters would be
> compatible with such a standalone instance?

The LibraryParameters value in the NSS 3.11.4 FIPS Security Policy
is the minimal set of values.  The possible values are documented
in http://developer.mozilla.org/en/docs/PKCS11_Module_Specs

Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
