Akkshayaa Venkatram wrote:
>> From the mozilla tree, 
>> http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11pub.h#109
>>  
>>
>> I want to call the PK11 functions for encrypt, decrypt, sign, verify, 
>> etc. from my Firefox extension that is written in JavaScript.

Robert Relyea wrote, On 2008-11-26 10:14:
>> I looked at the XPCOM IDLs for PKCS11 and only a very few functions 
>> are implemented in that to be called from the JavaScript. If I have to 
>> be able to call the other PK11 functions that work with my smart card 
>> device, from the JavaScript file, what is the best solution?
>>
>> Are these functions implemented in any existing IDLs?
>> Should I write a new XPCOM Interface that links to these PK11 functions?

> There are very few PK11_ functions exported right now; it pretty 
> much happens when someone has a need (like PSM Chrome).
> That being said, most of the functionality for PK11_GenerateKeyPair is 
> available through either:
> 
> 1) the keygen tag (I'm not sure how you reach it from XPCOM, but I'm 
> pretty sure it's reachable).  --- or ---
> 2) the crypto.generateCRMFRequest() object off of the window. (see 
> https://developer.mozilla.org/en/GenerateCRMFRequest)
> 
> Both of these are available to web pages as well as extensions.

I would add that we do NOT want to allow ordinary web pages to generate keys
and sign or decrypt stuff using the user's private keys without his
knowledge.  That would be a big security hole.  So rather than giving
javascripts raw unfettered access to PKCS#11, our practice in the past has
been to provide other APIs by which the script can request certain actions,
but sufficient UI is provided to ensure that the user remains in control
of how his private keys are used at all times.
_______________________________________________
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto
