Hello Bob and others,
I'm still trying to have nsSDR use my opencryptoki-tpm-pkcs11-token. For
the moment, instantiating a pk11SlotInfo "linked" to that token works,
but authentication doesn't. I'm searching the code to find the reason,
but haven't been able to do so for the moment.
I observed
bob
Yes, I think the encryption algo is in the SoftTok. "C_EncryptUpdate" is
called.
http://mxr.mozilla.org/mozilla1.9.1/source/security/nss/lib/pk11wrap/pk11cxt.c#670
not cool...
ah I'm stupid, that still doesn't mean the algorithm/mechanism is
inside the token. I don't know if C
Hello Bob
Robert Relyea wrote:
On 11/28/2009 11:49 PM, Marc Kaeser wrote:
Dear NSS gurus, what do you think, would it really be a bad idea to
use the key from another token, but still use the internal token to
encrypt? When SDR is called, I could check if the token I want to use
also
Dear NSS gurus, what do you think, would it really be a bad idea to use
the key from another token, but still use the internal token to encrypt?
When SDR is called, I could check if the token I want to use also
provides the encryption mechanism I need. If it doesn't, I could use the
internal to
Sorry I didn't find time to read your answers before today. But thanks,
your explanations help me a lot! I guess it's always difficult to figure
out all dependencies in the beginning, one has to know many puzzle
pieces to see what the final picture could look like ^^
Robert Relyea wrote:
if I understand well, pk11sdr.c creates a pk11context which tells which
mechanism and which key to use.
Then it calls PK11_CipherOp with that context, and a CKA_ENCRYPT set.
PK11_CipherOp sees "aha, it's a CKA_ENCRYPT, so I must do an encryption
of mechanism "type" and a key (handle, or key data
C_EncryptUpdate
:,-(
I don't know if my TPM or TSS implements that, yet...
take the key from another token, but use the
soft-tok to encrypt, that's like if I used 2 different tokens and mixed
up the key from one with the functions of the other. Would not be a
great thing...
thanks!
Nelson B Bolyard wrote:
On 2009-11-24 13:00 PST, Marc Kaeser wrote:
Are the
thanks a lot, now that you explain it again that clearly, I can see the
difference. Somehow, I had in mind that those "crypting-objects" are
wire-hard-coded, that the soft-toks just emulate some hardware, and
that you just could forward your requests to that hard-coded logic, and
get some answ
Thank you for your help, I'll answer directly into your answers, too:
Robert Relyea wrote:
If I remember well, the PKCS11 specs tell that there's exactly 1
crypto-object per token (soft or hardware).
FALSE- A token can and does regularly have multiple crypto-objects
active at any given tim
Dear newsgroup,
Could you please give me a hand? I've got a problem understanding the
relationship between physical/logical reader, slot, token, and
PK11SlotInfo, NSSToken, PKCS11-Object, Symkeys, Secret keys, fixed keys,
in NSS's PKCS11 implementation.
Please just put a "true" or "false" afte
After reading a bit more, I think I now understand most of the things in
nsSDR at least. Seems really to be relatively "simple". A future work could
be to choose also another algorithm than triple DES for encryption...
3 more questions ^^
-Should I look for the key using all PK11SlotInfos,
Hello again
On 11/08/2009 10:32 AM, Marc Kaeser wrote:
Hello Robert,
where can I get in touch with the NSS people you told me about? I want
to try to do those modifications.
I'm one of them:).
Cool!!! Do you want to become my project manager? Please :-D
It's magic that
Hello!!
"Nelson B Bolyard" wrote in message
news:mailman.693.1257791313.526.dev-tech-cry...@lists.mozilla.org...
On 2009-11-08 10:32 PDT, Marc Kaeser wrote:
Hello Robert,
where can I get in touch with the NSS people you told me about?
Here in this mailing list (or
Hello Robert,
where can I get in touch with the NSS people you told me about? I want to
try to do those modifications.
I'm facing the following problem right now, maybe you can help me:
in /security/nss/lib/pk11wrap/pk11util.c there is the function
SECMODModule *
SECMOD_GetInternalModule(void)
{
Hello Bob,
I've looked a bit further into the code today, and though you already
explained those things to me, let me write them again in order to see if I
understood the idea:
1. Starting point:
The problem with nsSDR is that you can't choose another slot/token than the
internal one if one wa
Hello Bob,
thanks a lot for your explanations.
My goal is indeed to have my own Firefox-Code doing that specific encryption
using keys "hidden" in my tpm on my own mainboard "just for me" (using IBM's
API or pkcs11-opencryptoki with NSS, to provide encryption for
mozStorage->Logins-DB). I'm no
you are using Ubuntu, I recommend that you do not use Firefox that
comes with Ubuntu distribution - download the Firefox from Mozilla.
--
Subrata
Marc Kaeser wrote:
Hello!
Thanks, I've seen the other thread, and I'm very interested in it :-) I
wonder how Subrata Mazumdar managed to l
Thx a lot,
But what if I just want to "hardcode" the use of another token, without any
ability to choose the one sdr should use? My first idea was to replace slot
= GetInternalModule() by slot = GetSlotByName(const char * name); because
they're declared to be of the same type/struct. The first
Hello,
I've got the following problem: I need nsSDR.cpp to use another pkcs11
module instead of the built in software one, in order to store the
encryption keys on another crypto-token than the built in software one.
in nsSDR.cpp, the 3 functions Encrypt(), Decrypt() and ChangePassword() use
Hello!
Thanks, I've seen the other thread, and I'm very interested in it :-) I
wonder how Subrata Mazumdar managed to load that module - maybe other
versions?
But I must say my problem's still of lower class than loading the module
into NSS for the moment. I've found out the problem of my pack
d, but I thought I'd give you
feedback before you think I gave up ^^
Marc
"Klaus Heinrich Kiwi" wrote in message
news:mailman.1275.1251392984.4294.dev-tech-cry...@lists.mozilla.org...
Marc Kaeser wrote:
Hello Klaus,
I tried to find those software tokens so I can tes
Hello Robert,
first I want to thank you again, cause you can't imagine how helpful the few
sentences you wrote were. I had lots of puzzle-elements, but couldn't find
the way to put them together :)
I also came to the conclusion that encrypting the token-db would be stupid.
The whole system i
to the TPM)
found by pkcsconf come from? Which software does "emulate" that one? The
slotdaemon itself?
Thanks and best greetings!
"Klaus Heinrich Kiwi" wrote in message
news:mailman.616.1250712620.4294.dev-tech-cry...@lists.mozilla.org...
Marc Kaeser wrote:
Hel
Thanks for those explanations, I admit that they're a great help for a
beginner like me. A short synopsis like that is very helpful.
My idea was not to use a cryptography module in order to bind / seal the
token DB, but to write an XPCOM-module including TSS libraries without using
tokens and/
Hello Klaus,
sorry that my answer took so long to come. I only have a few days a week
to work on that. For now, here are the printouts of pkcsconf -t and -s :
r...@lenovo:/usr/sbin# ./pkcsconf -t
LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost.
LOG_DEBUG TSPI rpc/tcs
Hello Martin,
have you been able to find out why FF crashed? I've got the same problem
here, everything worked fine except for the module-import in FF. My build
crashes too.
I'm working on Ubuntu too, but I got my sourcecode from mozilla and built it
myself. I'd like to know if you found the p
Robert I'm sorry, I misunderstood your answer. Thanks I'll also look at
pk11sdr.c to see if I can get the answers.
But I wonder if the db-binding solution wouldn't be simpler. Unfortunately
I'm no NSS champ. I found helpful docs on mozilla.org, but it's still no
simple task for me to understand
Thanks, that's a super answer!
But what do you think, instead of implementing another module, if I
encrypted the whole softoken-database with a binding or sealing key,
wouldn't it have the same effect? Instead of storing the tokens in the TPM
itself, they'd be on disk, but protected by a tpm ke
Thanks for your answer. I'm looking at nsSDR.cpp and I ask myself:
is the Master Password used as an encryption key, or where does the key come
from? Does mozStorage encrypt the credentials also if the Master Password
isn't set? I hope I'll find the answer in pk11sdr.
I want to protect the
Dear Newsgroup,
I'm looking for information about the Master Password in XPCOM/Firefox. I
looked at the NSS-Module-Sourcecode, but can't figure out how the Master
Password Concept is implemented. Well, first I need to understand that
concept. I haven't been able to find docs on mozilla.org. Is