On 2009-09-11 13:12 , Klaus Heinrich Kiwi wrote: > I don't know what it was, but now I can load opencryptoki as a PKCS#11 > modules in my systems. I've tried with the software token, TPM token and > the ICA token. Loaded the modules with modutil and generated key > pairs/certificates/cert requests using certutil. I was also able to load > them using Firefox 3.5.2.
Woo Hoo! Congratulations! > Note that "some" NSS versions will require the following patch to > opencryptoki in order to work: > http://permalink.gmane.org/gmane.comp.encryption.opencryptoki.tech/2 > (but I was able to use the distro version shipped with Fedora11 without > problems - don't know exactly why atm) I think you can assume that ALL NSS versions will require that opencryptoki be patched with that patch. > I'm still looking for a way to test NSS while offloading crypto > operations to opencryptoki though. NSS's PKCS#11 module configuration file "secmod.db" contains information telling NSS which module to use by default for operations that have no affinity to any existing token/slot by virtue of location of existing keys or other objects. You can set these "default" flags using the "modutil" program. I suggest you try that with your RSA public key ops first, and see what happens. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
