Re: multiple pkcs 12 files vs. firefox software pkcs 11 module...

2008-10-31 Thread [EMAIL PROTECTED]
> NSS_Initialize will not add a new database, but there is a call that > will.:https://developer.mozilla.org/en/NSS_PKCS11_Functions#SECMOD_OpenUserDB > When you are through you can get rid of close the database > with:https://developer.mozilla.org/en/NSS_PKCS11_Functions#SECMOD_CloseUserDB

Re: multiple pkcs 12 files vs. firefox software pkcs 11 module...

2008-10-28 Thread [EMAIL PROTECTED]
On Oct 28, 5:10 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote, On 2008-10-28 13:29: > > > From what I have read, the internal pkcs 11 data store is protected by 1 > > master password. Is there a way to store my keys in the firefox pkcs 11 >

multiple pkcs 12 files vs. firefox software pkcs 11 module...

2008-10-28 Thread [EMAIL PROTECTED]
Hi All, To securely store my public / private key pairs for my firefox extension it seems like I have two options - 1) to create pkcs 12 password protected files for each one or 2) to add the keys to the internal pkcs 11 data store in firefox. I would prefer to use a data store as opposed to indi

Re: storing custom public key / private key pair securely in Firefox

2008-10-24 Thread [EMAIL PROTECTED]
new slot? Thanks, Dan On Oct 14, 2:18 pm, Robert Relyea <[EMAIL PROTECTED]> wrote: > Nelson B Bolyard wrote: > > [EMAIL PROTECTED] wrote, On 2008-10-13 13:52: > > >> I have a crypto library which I connect to a Firefox extension using > >> Xpcom. The libr

storing custom public key / private key pair securely in Firefox

2008-10-13 Thread [EMAIL PROTECTED]
Hi, I have a crypto library which I connect to a Firefox extension using Xpcom. The library generates custom size public and private key pairs which I would like to store securely in Firefox. How would this be done? Thanks, Dan ___ dev-tech-crypto ma

libpkix quality (was: libpkix (was Re: NSS 3.12 codesize hit))

2007-08-15 Thread [EMAIL PROTECTED]
On Aug 9, 10:48 pm, "L. David Baron" <[EMAIL PROTECTED]> wrote: > On Sunday 2007-07-22 04:40 -0400, Mike Connor wrote: > > > On 22-Jul-07, at 2:59 AM, Robert Sayre wrote: > > > That doesn't sound reasonable. We are going to accept a very large > > &g

Re: Signtool error message "No more entries..."

2007-08-01 Thread [EMAIL PROTECTED]
Nelson, * Many thanks for the reply. I thought that "PvkTmp: 99ace907-0a0c-4066-bd60-751431d09f92" is too complex for the NSS and tried to do something with it. Problem was solved by changing friendly name of the cert. I added my cert into IE certificates db, corrected field "friendly name" (the

Signtool error message "No more entries..."

2007-07-28 Thread [EMAIL PROTECTED]
Hi I'm trying to sign Firefox plugin with a certificate. Cert is located in .pfx file. I successfully created local db and added my cert into it. "certutil -L -d ." shows the following: PvkTmp:99ace907-0a0c-4066-bd60-751431d09f92 u,u,u. When I try to sign my dir with signtool -d . -

Cryptographic provider list does not show up in Firefox

2007-03-20 Thread [EMAIL PROTECTED]
Hi, all gurus on board, I guess this must be the right group for my question. I am working on a web-based certification authority application, from where users can apply for X.509 digital certificates. On the certificate application web form, I have a dropdown list of cryptographic providers. T

BBC links:Privacy Concerns over States/Corporations'Use of Personal Info

2006-12-23 Thread [EMAIL PROTECTED]
Hello, The BBC news articles below address privacy concerns over states' and corporations' use of personal data. I think you will find the links useful. Thanks, Mashi The basic summary is the following: 1. States collect personal info by various methods (eg:CCTV/closed-circuit TV in roadways). Co

Re: AES in CFB128 mode?

2006-10-26 Thread [EMAIL PROTECTED]
Wan-Teh Chang wrote: > Allan (beaufour), you should be able to build the CFB128 mode > yourself using the ECB mode as a primitive. It seems > straightforward to me (because 128 is the block size, you > don't need to shift). This way you don't need to wait for > the support of AES in CFB128 mode

Re: Help on building NSPR, NSS on Windows

2006-10-25 Thread [EMAIL PROTECTED]
Nelson B wrote: > Frank Lee wrote: > > Found Cl to be from Microsoft Visual Studio 8 > > Right. It's Microsoft's version of "cc", the c compiler. > > > cl -Fonow.obj -c -W3 -nologo -GF -Gy -MD -O2 -UDEBUG -U_DEBUG -UWINNT > > -DNDEBUG=1 -DXP_PC=1 -DWIN32=1 -DWIN95=1 -D_PR_GLOBAL_THREADS_ON

Re: Help on building NSPR, NSS on Windows

2006-10-25 Thread [EMAIL PROTECTED]
Julien Pierre wrote: > Frank, > > Frank Lee wrote: > > sh ../../build/cygwin-wrapper > > cl -Fonow.obj -c -W3 -nologo -GF -Gy -MD -O2 -UDEBUG -U_DEBUG -UWINNT > > -DNDEBUG=1 -DXP_PC=1 -DWIN32=1 -DWIN95=1 -D_PR_GLOBAL_THREADS_ONLY=1 > > -D_X86_=1 > > -DFORCE_PR_LOG > > /cygdrive/c/Frank_L

Cert signing API

2006-10-25 Thread [EMAIL PROTECTED]
Hi, I noticed that the certhigh/ and certdb/ provide some certificate related APIs. But there is not API in signing a certificate. In the cmd/certutil.c, it has a few functions that sign certificates and certificate request. Shall we provide some cert signing API from the NSS library itself? W

Re: Help on building NSPR, NSS on Windows

2006-10-25 Thread [EMAIL PROTECTED]
done for NSS lib and I am not good at gmake to be able to change gmake rules. Please let me know if you get pass this problem. Wei Frank Lee wrote: > Hi, > while trying to build NSS using instructions from [EMAIL PROTECTED]'s > thread below on "Help on building NSPR, NSS on Wind

HASH_* and Sign APIs

2006-10-23 Thread [EMAIL PROTECTED]
Hi, HASH_* APIs provide a good wrapper for the hashing algorithms. But secsign.c does not use any of these. It instead calls create/update/end directly on the hash context. Would it be better to use HASH_* APIs in secsign.c? Wei ___ dev-tech-crypto

Re: Help on building NSPR, NSS on Windows

2006-10-16 Thread [EMAIL PROTECTED]
own option '/cygdrive/c/mozilla/m ozilla/security/dbm/src/../../../dbm/src/h_bigkey.c' cl : Command line error D8003 : missing source filename VC++ is dumb and treat the path as an option. Wei [EMAIL PROTECTED] wrote: > Thanks! > > It turns out that the file "configure" ha

Re: Help on building NSPR, NSS on Windows

2006-10-16 Thread [EMAIL PROTECTED]
drive/c/Program Files/Microsoft Visual Studio 8/SDK/v2.0/bin is the path wrong? Thanks, Wei Wan-Teh Chang wrote: > [EMAIL PROTECTED] wrote: > > I downloaded NSPR 4.6.1 and NSS 3.11 from CVS. But build on Windows > > failed. > > > > I have cygwin, VC++ 2005 personal

Help on building NSPR, NSS on Windows

2006-10-15 Thread [EMAIL PROTECTED]
I downloaded NSPR 4.6.1 and NSS 3.11 from CVS. But build on Windows failed. I have cygwin, VC++ 2005 personal edition, and moztools installed. OS is Windows XP It failed on nspr configure. Do I need autoconf on my Windows? : command not found: : command not found: : command not found6: : comm

Re: Updated build instructions / release notes

2006-09-29 Thread [EMAIL PROTECTED]
Wan-Teh Chang wrote: > [EMAIL PROTECTED] wrote: > > NSS 3.11 is the most recent version is it not? Are there updated > > release notes / build instructions somewhere? > > The most recent version of NSS is NSS 3.11.3. It should be > used with NSPR 4.6.3. The CVS tag

Updated build instructions / release notes

2006-09-28 Thread [EMAIL PROTECTED]
NSS 3.11 is the most recent version is it not? Are there updated release notes / build instructions somewhere? http://www.mozilla.org/projects/security/pki/nss/ seems a little outdated. ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org h

Re: AES in CFB128 mode?

2006-09-25 Thread [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote: > Wan-Teh Chang wrote: > > [EMAIL PROTECTED] wrote: > > > Wan-Teh Chang wrote: > > >> Why would you like to use the CFB mode? > > > > > > Because that's what the current (non-NSS) code does. I'd rather just > &g

Re: AES in CFB128 mode?

2006-09-25 Thread [EMAIL PROTECTED]
Wan-Teh Chang wrote: > [EMAIL PROTECTED] wrote: > > Wan-Teh Chang wrote: > >> Why would you like to use the CFB mode? > > > > Because that's what the current (non-NSS) code does. I'd rather just > > port, not change, the code. > > Is the C

Re: AES in CFB128 mode?

2006-09-22 Thread [EMAIL PROTECTED]
Wan-Teh Chang wrote: > [EMAIL PROTECTED] wrote: > > Is it possible to use AES in CFB128 mode using NSS? If yes, how? :) > > > > (if no, why not? :) ) > > No, CFB128 mode is not implemented. You can only use > AES in ECB or CBC mode. > > Nobody asked for CFB

AES in CFB128 mode?

2006-09-21 Thread [EMAIL PROTECTED]
Is it possible to use AES in CFB128 mode using NSS? If yes, how? :) (if no, why not? :) ) ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Building (running) NSS cmd tools?

2006-09-20 Thread [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote: > Wan-Teh Chang wrote: > > [EMAIL PROTECTED] wrote: > > > I've followed the build instructions on checkout and building NSS > > > (after giving up on getting it to build the cmd utils inside my main > > > mozilla tree). It also com

Re: Building (running) NSS cmd tools?

2006-09-20 Thread [EMAIL PROTECTED]
Wan-Teh Chang wrote: > [EMAIL PROTECTED] wrote: > > I've followed the build instructions on checkout and building NSS > > (after giving up on getting it to build the cmd utils inside my main > > mozilla tree). It also compiles fine, but I cannot seem to actually run >

Building (running) NSS cmd tools?

2006-09-19 Thread [EMAIL PROTECTED]
om the lib directory: [EMAIL PROTECTED] /cygdrive/c/nss/mozilla/dist/WINNT5.1_DBG.OBJ/lib $ ../bin/rsaperf.exe Which only results in: "The application failed to initialize properly (0xc022). Click on OK to terminate the application." My env. is (cygwin) Windows XP, and I'm usually a

Re: Trunk: Please watch out for regressions with secure sites

2006-04-08 Thread [EMAIL PROTECTED]
Is the error message ("Dearpark and secureads.ft.com can not communicate securily because they have no common encryption algorithms?") generated from http://news.ft.com/cms/s/257d272e-c665-11da-99fa-779e2340.html anything to do with this? ___ dev-tec

Re: Selection of a certificate.

2006-02-15 Thread [EMAIL PROTECTED]
You're aware that mozilla has an "ask every time" option, right?-YESBut options are for all user certificates. Automatic or manual.If a SERVER A request certificate of CA 2 (included in SERVER A ring) made for SERVER B, mozilla will send user certificate (and datum of SERVER B) for SERVER B to SERV

Selection of a certificate.

2006-02-14 Thread [EMAIL PROTECTED]
Hello, (I think that...)I see that mozilla in automatic mode, return certificate that server request. Is a good choice for easy use of user certificates. But if server is not very clean in use of datum of certificate can be a compromise of privacy.I think that could be a good choice that mozilla on