banzai wrote:
Hi all,
I have tried to read all the certificates in NSS.
you probably know this but you of course can use the built in Firefox
Certificate Manager
Options->Advanced->View Certificates
I a little confused by some of the info provided. One you can configure
Sun PKCS#11 provider to
use NSS PKCS#11 implementation but you cannot configure SunPKCS11 to use
JSS at all.
For SunPkcs11/NSS rather than using keytool I think you should write
your own applet and
play with the available api. You should be able to see all the
Certificates you want to.
http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS
Instead you can write an applet that loads JSS/NSS; you would not use
SunPKCS11.
http://www.mozilla.org/projects/security/pki/jss/
http://www.mozilla.org/projects/security/pki/jss/provider_notes.html
sample code:
http://mxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/tests/
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.html
Note: If you plan on writing an applet that uses JSS in Firefox on
windows please read
the http://www.mozilla.org/projects/security/pki/jss/jss_build_4.2.5.html
One of the issue with an applet is to how to init JSS with the correct
Profile directory
http://kb.mozillazine.org/Profile_folder_-_Firefox#Finding_the_profile_folder
-glen
Unfortunately the
current setting only allowed listing of either soft token certficates
in NSS or the smart card token . My objective is to read all the
certiifates inside the firefox keystores, the soft token and smart
card certificates as in PKCS11ListCert function.
The current setting is:
1) In the nss.cfg
name = NSS
nssSecmodDirectory = C:\Users\user1\AppData\Roaming\Mozilla\Firefox
\Profiles\zgk9nrxt.default
2)In the java.security
security.provider.10=sun.security.pkcs11.SunPKCS11 c:/javadev/
nss.cfg
The run test command: running keytool -keystore NONE -storetype PKCS11
-list -v
Result: It only list soft token certificates
if i switch the configuration to accept the opensc framework
1) In the sc.cfg
name = smartcard
library = C:\windows\system32\my-pkcs11.dll
2)In the java.security
security.provider.10=sun.security.pkcs11.SunPKCS11 c:/javadev/sc.cfg
Result: It lists the PKCS11 - smart card certificates
Reading from the previous groups posts, it lead to the usage of JSS
module as a solution.
I have setup the environement for JSS and tested with the testing
program provided by mozilla. So far so good..
Now, how should i go to set the JSS inside the cfg file ?
name = JSS
library = C:\Program Files\Mozilla Firefox\jss4.dll
and .. it does not work. I can't find jssArgs to replace the nssArgs
as in config.java file
Any configuration guide that i have missed..?
Thank you
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
