Thanks again. I looked into the things you told me, but i'm stuck.
I'm using libp11 and tried it that way:
int rc = 0;
PKCS11_CTX *pkcs11_ctx;
pkcs11_ctx = PKCS11_CTX_new();
PKCS11_CTX_init_args(pkcs11_ctx,
"configdir='C:/Users/Username/AppData/Roaming/Mozilla/Firefox/Profiles/5wzkdcjx.default'
certPrefix='' keyPrefix='' secmod='secmod.db'");
rc = PKCS11_CTX_load(pkcs11_ctx, "C:/Program Files (x86)/Mozilla
Firefox/softokn3.dll");
qDebug() << pkcs11_ctx->description;
if (rc) {
qDebug() << "Error loading Module";
}
And i got the Error loading Module message when I run the code. Is my way
of doing this right or where is the problem? I'm not so familiar with this
special thing.
Hope you can help me out a little bit more.
2016-11-03 18:00 GMT+01:00 Matthias B. <opa...@gmail.com>:
> thanks again for you explanation and hints. So first good point ist, that
> it is possible to access the NSS Database with OpenSSL library.
>
> I will take a look into the hints you gave me like curl, wpa_supplicant,
> etc.
>
> 2016-11-03 16:58 GMT+01:00 David Woodhouse <dw...@infradead.org>:
>
>> On Thu, 2016-11-03 at 13:41 +0100, Matthias B. wrote:
>> > Thanks ro reply and thanks for the information, but is there a way to
>> > access the NSS (shared) Database with OpenSSL in C++? The Code you
>> > told me is using the binary files. So first i want a solution for
>> > accessing it in C++-Code. Is it possible in a (easy) way?
>>
>> Sure. I gave command-line examples because they're fairly trivial, but
>> they were pointing you in the right direction.
>>
>> For read-only access (using certs and keys which exist in the NSS db),
>> you can use the PKCS#11 engine. Look in curl, wpa_supplicant, and other
>> things for examples. It goes something like:
>>
>> ENGINE *e = ENGINE_by_id("pkcs11");
>> ENGINE_init(e);
>> EVP_PKEY *pkey = ENGINE_load_private_key(e, "pkcs11:...", ...);
>>
>> Using the LOAD_CERT_CTRL engine command is slightly more complex but
>> I'll leave that as an exercise for the reader. Again, examples in curl,
>> wpa_supplicant, etc.
>>
>> For writing to the token, you're going to want to use libp11 directly.
>>
>> Note that my trivial example made use of p11-kit. That's how we do the
>> system-wide configuration on Linux of which PKCS#11 tokens should be
>> visible to which processes. The engine will load p11-kit-proxy.so by
>> default, and thus load (and proxy, as the name implies" all the tokens
>> indicated by the system configuration. My 'nss.config' file that I
>> showed first was the per-user configuration which asked it to load the
>> NSS softokn module.
>>
>> For your special case, you might want to load the NSS softokn module
>> *directly* instead of going through p11-kit. In which case, make sure
>> you use PKCS11_CTX_init_args() to set the arguments that point it to
>> the correct database directory, etc.
>>
>> --
>> dwmw2
>>
>>
>>
>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
