Hi

If you want to work with cert8, even from Java, consider using certutil
(via running a command).
If you want to sign with a locally-installed X509 (keys are stored on
key3.db), I still consider using SunPKCS#11 for attaching softokn3 your best
option.

Regards



On Sat, Jan 10, 2015 at 2:46 AM, Robert Relyea <rrel...@redhat.com> wrote:

> On 01/09/2015 08:03 AM, Opa114 wrote:
>
>> I do. But I want to parse the cert8.db or maybe access this file in an
>> easier way with JAVA. I have to read the file and maybe I have to remove
>> and/or add new certificate to it.
>>
> While there is some documentation on the format of cert8.db, if you are
> accessing it from Java inside Firefox and you aren't accessing it from JSS,
> then you run the risk of corrupting the database.
>
> If you are just accessing it standalone, then you may have more success,
> though that's a pretty complicated route. The file is in the old Berkeley
> DB format, which means you'll need to access it somehow. I doubt there are
> Java bindings for that code, Berkeley stopped maintaining it before Java
> existed (it eventually became Sleepycat). So first you'd need the old DB
> format.
>
> The way NSS uses the database records is documented here:
> http://www-archive.mozilla.org/projects/security/pki/nss/db_formats.html
> Even though this says cert7.db, it's basically the same, except cert8
> databases may contain CRLs (iirc).
>
> This doesn't get you signing access. For that you'd need to also access
> key3.db, which has its own set of 'row'/'payload' values, as well as PKCS5
> encoded keys.
>
> bob
>
>
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
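
An added example, not part of the original thread and not NSS project code: one way to follow the certutil suggestion from Java instead of parsing cert8.db by hand. It assumes `certutil` is on the PATH, Java 11 or later, and that the application owning the profile is closed; the class name `NssCertDb` is hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

/** Added example: drives NSS certutil rather than reading cert8.db directly. */
public class NssCertDb {
    private final String dbArg;

    public NssCertDb(Path profileDir) {
        // The "dbm:" prefix selects the legacy cert8.db/key3.db format explicitly.
        this.dbArg = "dbm:" + profileDir.toAbsolutePath();
    }

    /** Lists nicknames and trust flags of all certificates in the database. */
    public String list() throws IOException, InterruptedException {
        return run("-L");
    }

    /** Adds a PEM certificate; trust is a certutil trust string such as "C,,". */
    public void add(String nickname, String trust, Path pemFile)
            throws IOException, InterruptedException {
        run("-A", "-n", nickname, "-t", trust, "-a", "-i", pemFile.toString());
    }

    /** Deletes the certificate stored under the given nickname. */
    public void delete(String nickname) throws IOException, InterruptedException {
        run("-D", "-n", nickname);
    }

    private String run(String op, String... rest) throws IOException, InterruptedException {
        List<String> cmd = new ArrayList<>(List.of("certutil", op, "-d", dbArg));
        cmd.addAll(List.of(rest));
        // Argument vector, no shell: nicknames and paths are never re-parsed.
        Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
        p.getOutputStream().close(); // certutil gets no stdin from us
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        int rc = p.waitFor();
        if (rc != 0) {
            throw new IOException("certutil exited with " + rc + ": " + out.trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: directory containing cert8.db (caller-supplied path)
        System.out.print(new NssCertDb(Path.of(args[0])).list());
    }
}
```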