I am an engineer working in mozilla China, I'm going to provide a
solution for Chinese banks which support IE only in China now.
The problem I met is that:
There are many vendors who supply smart-cards for banks, they have
implemented the pkcs#11 modules(maybe implemented most parts of
pkcs#11).There are two kinds of certificates in the smart-card, one
for personals, and one for bank which should be added to the clients'
trusted certificates list. We can add their pkcs#11 security module
into the secmod.db which is done by an installer made by banks. So,
when starting Fx, it loads all the security modules in the secmod.db
and load certificates into certificates list through PKCS#11 APIs
aotumatically. Then we can see the security modules in the Fx security
devices list and the personal certificat in the certificates list.
I am not familiar with the PKCS#11 APIs, maybe they did not
implenment some, so Fx could not load the certificat for bank into the
trusted certificates list.
We can get the certificate for bank now, how to load it into Fx as
root certificate by other programme, not automatically?
I have read the file of "cert.h", there is a function prototype
SECStatus CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage
usage, unsigned int ncerts, SECItem **derCerts,
CERTCertificate ***retCerts, PRBool keepCerts, PRBool caOnly, char
*nickname);
Could I invoke it to solve the problem ?
But the page https://developer.mozilla.org/en/NSS/Certificate_functions
said the function is not available,I am very confused.
Could you give me some advices?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
