On 4/2/2010 10:59 AM, Wan-Teh Chang wrote:
Hi Richard,
You need to download cryptoki.h and other PKCS #11 headers from
the PKCS #11 website: http://www.rsa.com/rsalabs/node.asp?id=2133
The sample code from the NSS FIPS Security Policy was written
with the assumption that the application may not be using full NSS
and just want to use the NSS FIPS crypto module. So it assumes
the application will be using the official PKCS #11 headers, rather
than the (slightly modified) PKCS #11 headers that NSS ships.
Wan-Teh
Thanks Wan-Teh,
My understanding of the FIPS Validation process led me to believe that
modifying any of the source would invalidate the claim of using a FIPS
compliant module. Thus, I thought, I must include only those headers
used to compile the library as it was certified.
If I use the headers from the PKCS #11 website, will the code I write
still be able to claim the use of a FIPS compliant module? Or,
conversely, if I use the headers that ship with NSS am I then not able
to make that claim?
Regards,
-rb
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
