Thanks again. I looked into the things you told me, but I'm stuck.

I'm using libp11 and tried it that way:

   int rc = 0;
   PKCS11_CTX *pkcs11_ctx;
   pkcs11_ctx = PKCS11_CTX_new();
   PKCS11_CTX_init_args(pkcs11_ctx,
       "configdir='C:/Users/Username/AppData/Roaming/Mozilla/Firefox/Profiles/5wzkdcjx.default'"
       " certPrefix='' keyPrefix='' secmod='secmod.db'");
   rc = PKCS11_CTX_load(pkcs11_ctx,
       "C:/Program Files (x86)/Mozilla Firefox/softokn3.dll");
   qDebug() << pkcs11_ctx->description;
   if (rc) {
       qDebug() << "Error loading Module";
   }

And I got the "Error loading Module" message when I ran the code. Is my way of 
doing this right or where is the problem? I'm not so familiar with this special 
thing.
Hope you can help me out a little bit more.


-----Original Message-----
From: David Woodhouse [mailto:dw...@infradead.org] 
Sent: Thursday, 3 November 2016 16:59
To: Matthias B. <opa...@gmail.com>
Cc: mozilla-dev-tech-cry...@lists.mozilla.org
Subject: Re: Access NSS (shared) DB with OpenSSL?

On Thu, 2016-11-03 at 13:41 +0100, Matthias B. wrote:
> Thanks for the reply and thanks for the information, but is there a way to
> access the NSS (shared) Database with OpenSSL in C++? The code you
> told me is using the binary files. So first I want a solution for
> accessing it in C++ code. Is it possible in an (easy) way?

Sure. I gave command-line examples because they're fairly trivial, but
they were pointing you in the right direction.

For read-only access (using certs and keys which exist in the NSS db), 
you can use the PKCS#11 engine. Look in curl, wpa_supplicant, and other
things for examples. It goes something like:

 ENGINE *e = ENGINE_by_id("pkcs11");
 ENGINE_init(e);
 EVP_PKEY *pkey = ENGINE_load_private_key(e, "pkcs11:...", ...);

Using the LOAD_CERT_CTRL engine command is slightly more complex but
I'll leave that as an exercise for the reader. Again, examples in curl,
wpa_supplicant, etc.

For writing to the token, you're going to want to use libp11 directly.

Note that my trivial example made use of p11-kit. That's how we do the
system-wide configuration on Linux of which PKCS#11 tokens should be
visible to which processes. The engine will load p11-kit-proxy.so by
default, and thus load (and proxy, as the name implies) all the tokens
indicated by the system configuration. My 'nss.config' file that I
showed first was the per-user configuration which asked it to load the
NSS softokn module.

For your special case, you might want to load the NSS softokn module
*directly* instead of going through p11-kit. In which case, make sure
you use PKCS11_CTX_init_args() to set the arguments that point it to
the correct database directory, etc.

-- 
dwmw2


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
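
The "Error loading Module" branch in the code at the top of this message hides which step failed. This added example, which is not code from either poster or from libp11, loads a PKCS#11 module by hand and reports whether the library load, the C_GetFunctionList lookup, or C_Initialize with the NSS parameter string was the step that failed. It assumes a POSIX system with dlopen (on Windows the corresponding calls are LoadLibrary and GetProcAddress); probe_module, the load_stage enum and the trimmed struct definitions are names made up for this example.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Hand-written subset of the Cryptoki types (assumption: Unix, natural
 * struct alignment; Windows PKCS#11 headers use 1-byte packing). */
typedef unsigned long CK_RV;
typedef struct {
    void *CreateMutex, *DestroyMutex, *LockMutex, *UnlockMutex;
    unsigned long flags;
    void *pReserved;              /* NSS softokn takes its parameter string here */
} CK_C_INITIALIZE_ARGS;
typedef struct {
    struct { unsigned char major, minor; } version;
    CK_RV (*C_Initialize)(void *);
    CK_RV (*C_Finalize)(void *);
} CK_FUNCTION_LIST_HEAD;          /* only the first two entries are needed */
typedef CK_RV (*get_list_fn)(CK_FUNCTION_LIST_HEAD **);

#define CKF_OS_LOCKING_OK 0x02UL
enum load_stage { LOAD_OK, FAIL_DLOPEN, FAIL_SYMBOL, FAIL_FUNCLIST, FAIL_INIT };

/* Reports which stage failed; *rv_out (optional) receives the CKR_* code. */
enum load_stage probe_module(const char *path, const char *init_args, CK_RV *rv_out)
{
    CK_FUNCTION_LIST_HEAD *fl = NULL;
    CK_C_INITIALIZE_ARGS args;
    get_list_fn get = NULL;
    enum load_stage st = LOAD_OK;
    CK_RV rv = 0;
    void *h = dlopen(path, RTLD_NOW | RTLD_LOCAL);

    if (h == NULL) {
        fprintf(stderr, "dlopen: %s\n", dlerror());  /* missing file or dependency */
        st = FAIL_DLOPEN;
    } else if ((*(void **)&get = dlsym(h, "C_GetFunctionList")) == NULL) {
        st = FAIL_SYMBOL;                            /* not a PKCS#11 module */
    } else if ((rv = get(&fl)) != 0 || fl == NULL) {
        st = FAIL_FUNCLIST;
    } else {
        memset(&args, 0, sizeof args);
        args.flags = CKF_OS_LOCKING_OK;
        args.pReserved = (void *)init_args;          /* e.g. "configdir='...' ..." */
        rv = fl->C_Initialize(&args);
        if (rv != 0) st = FAIL_INIT; else fl->C_Finalize(NULL);
    }
    if (h != NULL) dlclose(h);
    if (rv_out != NULL) *rv_out = rv;
    return st;
}
```

A FAIL_DLOPEN result points at the file path or at a dependent library the loader cannot find; FAIL_INIT with a nonzero CKR_* value points at the parameter string or the database directory.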
