On 06/09/2010 09:15 PM, 蓝黑王朝 wrote:
> hi,all
>
> I want to create a soft token same as the firefox's "NSS Generic
> Crypto Services" token. I've done many searches, including this group
> for every message with *pkcs*11 in its title, and couldn't find
> answers which would satisfy me. I'd appreciate any pointer or help.
Do you mean write one? You'll need the PKCS #11 spec located here:
There are a number of toolkits that you can use to get started:
All that being said, It's not clear to me what you are trying to accomplish.
1. Do you just want to replace the firefox crypto services with
your own implementation? Which leads to the question why?
2. Are you trying to add additional crypto services, in which case
you will probably have more work than just writing a PKCS #11 module
depending on what you are trying to add.
3. Are you trying to use keys and/or certs that are stored in some
location NSS does not understand?
4. Are you trying to have some or all your of your crypto go
through a peice of hardware?
Tasks 3 and 4 are regularly accomplished by implementing PKCS #11
module. Task 1 seems like a 'why do it' issue for to me, but is
basically the same idea as the hardware take over.
bob
>
> $ modutil -list -dbdir ~/.mozilla/firefox/k7j4kf3l.default 2
>
> Listing of PKCS #11 Modules
> -----------------------------------------------------------
> 1. NSS Internal PKCS #11 Module
> slots: 2 slots attached
> status: loaded
>
> slot: NSS Internal Cryptographic Services
> token: NSS Generic Crypto Services
>
> slot: NSS User Private Key and Certificate Services
> token: NSS Certificate DB
>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
