Re: X509 Client certificate - how to prompt user for Master Password

Thanks Subrata, I'm doing it in a SWT browser widget, i.e. non-command line. mozilla 2/ XulRunner 1.8. The strange thing is the nsIX509CertDB.importPKCS12File comes up with the proper dialog window, as to do the notifications of entering an encrypted page and notifications if the URL doesn't equal

Re: Working on Perl bindings for NSS

The Perl or Python bindings could be a great way to test NSS. Right now we test NSS by writing a few versatile C programs and using shell scripts to drive the test programs. Using the Perl or Python bindings, we could potentially have access to a larger subset of the NSS API and exercise that usi

Re: Working on Perl bindings for NSS

Wan-Teh Chang wrote: On Wed, Sep 24, 2008 at 2:28 AM, Claes Jakobsson <[EMAIL PROTECTED]> wrote: Hi, I just wanted to drop a note saying that I'm working on Perl bindings for NSS. I saw there was a previous discussion about using SWIG but imho swig doesn't produces a very Perl-like API. I'm

Re: X509 Client certificate - how to prompt user for Master Password

Will, I am cross posting m.d.t.crypto where it belongs. AFAIK, nsIPK11Token.login() expect that you are running within browser because it prompts for password using XUL based dialog window. If you are running in non-browsser environment (command-line) then you have to supply your own password p

a small set of claims

Nelson Bolyard wrote: > Ian G wrote, On 2008-09-24 05:12: >> Nelson B Bolyard wrote: >>> Ian G wrote: Nelson B Bolyard wrote: The curiosity here is that the Certificate Policies extension may not be shown prominently by software. As the point of the cert is to make some claim t

Re: questions on root creation

Nelson Bolyard wrote: > The 3 sets of claims used for SSL servers have names "DV", "OV" and "EV". > Of those, EV is well defined and documented. DV is pretty well understood > but I don't know of any document that defines it very well. OV is the > least well defined, which is why browsers do not

Re: Generate PKCS12 not containing CA certificates

On 24 sep, 20:08, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Paco wrote, On 2008-09-24 04:17: > > > On 22 sep, 21:19, Nelson B Bolyard wrote: > > you can't also export a pkcs12 containing just CA certifcates, which I > > belive is something accepted in the pkcs12 standard, > > Mere certificates

signtool verification error

Hi, I have an xpi which is to be signed, then verified with signtool. echo Signing %1 "%SIGN_TOOL%" -d "%CERT_DB%" %3 -Z %1 -k "%CERT_NAME%" -p "%CERT_PWD%" %2 if not ERRORLEVEL 0 exit %ERRORLEVEL% echo Verifying signature of %1 "%SIGN_TOOL%" -d "%CERT_DB%" -v %1 if not ERRORLEVEL 0 exit %ERRORL