Hello Subatra,
thx to you and Klaus Kiwi (thx a LOT both of you) I've also been able to
load the module in NSS / Firefox. I'm trying to modify NSS/sdr (or whatever
must be modified) in a way the user's keys for login-storage-cryptography
(mozStorage and its sqlite db) are stored in the tpm. I tried to use other
functions in nsSDR.cpp, but mr Robert Releya told me that there's a problem
with sdr, that it lacks the ability to select the slot which is acted on.
I'm trying to find the best way to either fix that (difficult for me), or
find a workaround (e.g. calling Trouser's API from inside the built-in
crypto-token, and hide the token's keys in the TPM via the API). Maybe you
or Klaus have hints about that?
Anyway, thx a lot for your help!
Marc
"Subrata Mazumdar" <subrata.mazum...@ieee.org> schrieb im Newsbeitrag
news:qlidnxektvdbgjxxnz2dnuvz_hidn...@mozilla.org...
Hi Marc,
I configured the TPM on Dell Latitude D820 running Fedora 8 (Linux
v2.6.26.3-14.fc8 ).
I found that the following link quite helpful :
https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux.
I was able to generate key-pair, PKCS#10 CSR and then import signed
certificate into the TPM like any other smart card.
I used opencryptoki-2.2.5 as PKCS#11 module. I tested the PKCS#11 module
with FF3.0.x.
I would suggest that you download the opencryptoki source and compile and
then install it as root. Follow all the default configuration.
If you are using Ububtu, I recommend that you do not use Firefox that
comes with Ubuntu distribution - download the Firefox from Mozilla.
--
Subrata
Marc Kaeser wrote:
Hello!
Thanks, I've seen the other thread, and I'm very interested in it :-) I
wonder how Subrata Mazumdar managed to load that module - maybe other
versions?
But I must say my problem's still of lower class than loading the module
into NSS for the moment. I've found out the problem of my package. Using
strace, I saw that pkcs11_startup looked for soft links which pointed to
nothing, the files were missing. After that I removed the package, and
tried to build opencryptoki again, from the source found on sourceforge,
cause I thought the libs would all be included, there. But now the lib
libpkcs11_tpm.so is missing, and therefore pkcs11_startup fails to create
the settings for pkcsslotd, and I think that's the problem why I can't
see the tpm-token with pkcsconf -s. I don't know where to find it, but I
hope I'll find out soon :)
Marc
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
