On 09/11/2013 05:52 PM, Kyle Hamilton wrote: > Elio, > > Thanks for responding. > > IBM Notes reports that the path is invalid. Is there a requirement that > softokn3.chk be in the current working directory? > > -Kyle H softokn3.chk should be in the same directory as softoken. Softoken asked the OS where it was loaded from and then looks for the .chk file in the same directory.
NOTE: it's only needed when in FIPS mode. NOTE2: While it's possible to use softoken directly in your library, it's recommended that you actually use the NSS interfaces. NSS does not export a PKCS #11 interface, it uses it to get access to crypto. Softoken was written to support the NSS need for crypto and keys, and as such does not always have a compliant PKCS #11 interface. Direct access to to softoken from applications is a best effort sort of thing. Some apps (like Java) have special code that knows about softoken and works around it's vagaries. Fixes to softoken issues that don't effective NSS use of softoken is prioritized relatively low. bob > > > On Tue, Sep 10, 2013 at 9:24 PM, Elio Maldonado Batiz < > elio.maldonado.ba...@gmail.com> wrote: > >> Hi Kyle, >> >> nss3.dll is a not PKCS #11 module as it has no crypto, softokn3.ddl (.so) >> and freebl3.sll (.so) do. softoken is nss's own internal PKCS #11 >> cryptographic module which nss loads just like any other pkcs #11 module, >> software or hardware based. >> >> Good starter documents are >> https://developer.mozilla.org/en-US/docs/NSS_reference and >> https://developer.mozilla.org/en-US/docs/NSS#Background_Information >> and https://developer.mozilla.org/en-US/docs/NSS/NSS_API_GUIDELINES has a >> layering diagram >> >> -Elio >> >> >> On Sat, Aug 24, 2013 at 6:02 PM, Kyle Hamilton <aerow...@gmail.com> wrote: >> >>> Hi, >>> >>> I'm finding myself in a situation where I need to use the certificates >> and >>> keys stored in my standard NSS profile in other applications. >>> >>> My initial, naïve idea was that NSS itself is a PKCS#11 module. >>> Unfortunately, this appears to be not the case. When trying to find the >>> right DLL to load into IBM Notes I found that nssckbi.dll is recognized >> as >>> a valid PKCS#11 module, but nss3.dll is not. (Neither are nssdbm3 or >>> nssutil.) >>> >>> Is there any plan to export the NSS softoken functionality as an actual >>> full PKCS#11 token? Or is it intended never to actually operate as such? >>> >>> -Kyle H >>> -- >>> dev-tech-crypto mailing list >>> dev-tech-crypto@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-tech-crypto >> -- >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto >>
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
