Signing applet
Hi I'm trying to code an applet to signd forms in Netscape6+/Mozilla 1+ and i don't know how to start. Need something to access certificates intalled in the browser and also certificates in cards. Can someone give me some advice on what utilities can i use? Thanx in advance Javier Arrieta
Re: Follow-up on old problem: core in libsoftokn3.so
WTC, I agree, that wasn't really clear. It sounded like it may have been because of the way the shared library was being loaded using dlopen(); the problem report said: We were having a problem with name collisions, so use RTLD_NOW|RTLD_GROUPT as the mode parameter to dlopen(). Does that make sense to you? -- POC Wan-Teh Chang [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... POC wrote: The original problem is at http://groups.google.com/groups?dq=hl=enlr=ie=UTF-8oe=UTF-8threadm=aiud hj%24k041%40ripley.netscape.comprev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26 lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26group%3Dnetscape.public.mozilla.crypto%26s tart%3D150 In a nutshell, the user's shared lib was crashing the program when it attempted to load an NSS shared lib in the process memory using dlopen(). From reading the article, it sounded like the calling process environment (pointed to by char **environ) needs to always be *not NULL* otherwise when NSS_init is called, which then calls RNG_SystemInfoForRNG(), a crash could result... Shouldn't NSS check for situations when the calling process' environment is null? We could do that. But I want to know how the calling process's environment could be null in the first place. Wan-Teh
Re: openssl key/cert - NS key/cert db
liug wrote: How can I use the NSS tools to convert a openssl generated key pem file to netscape key3.db ? Thanks! Frank You probably can't convert it, because a pem file is a simple collection of certs, but a key3.db is a complex database. You might want to create a database and use appropriate tools to import your certificate/keys into the key3.db. You could try using a Mozilla build and use the certificate manager UI, or you could use the command line program certutil, some documentation exists here: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html Kai
Re: On PKCS 11 key pair generation with mozilla
I think you've got it backwards. PKCS 11 and PKCS 1 always have input and output in big-endian order, most significant byte of most signficant word first, least significant byte of least significant word last. That's the order generated and expected by mozilla/NSS. The data you showed before was clearly in the opposite order, least significant byte of least significant word first, most significant byte of most significant word last. I'd call that little endian. -- Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
Re: openssl key/cert - NS key/cert db
liug wrote: 4) now try to import it (I already have key3.db and cert7.db created). pk12util -i test2.p12 -d . it gives: pk12util: PKCS12 decode validate bags failed: The user pressed cancel. any ideas? thanks! frank Did you specify a password on your p12 file when you created it ? Does your database have a password set ? In either of these cases, you must pass parameters to pk12util on the command-line. I don't believe it will prompt you for the password. The parameters are -K slotpw (where slotpw is your database password) and -W p12pw (password of your p12 file). An easier way is to use PSM in Mozilla and click Import, and it will prompt you for any passwords you need to enter.
Re: openssl key/cert - NS key/cert db
Julien Pierre [EMAIL PROTECTED] wrote: liug wrote: 4) now try to import it (I already have key3.db and cert7.db created). pk12util -i test2.p12 -d . it gives: pk12util: PKCS12 decode validate bags failed: The user pressed cancel. any ideas? thanks! frank Did you specify a password on your p12 file when you created it ? Does your database have a password set ? In either of these cases, you must pass parameters to pk12util on the command-line. I don't believe it will prompt you for the password. The parameters are -K slotpw (where slotpw is your database password) and -W p12pw (password of your p12 file). An easier way is to use PSM in Mozilla and click Import, and it will prompt you for any passwords you need to enter. tried using -K -W option, same error. btw, pk12util does prompt for the passwd: pk12util -i test2.p12 -d . Enter Password or Pin for NSS Certificate DB: Enter password for PKCS12 file: forgot the mention that I am using the tools that comes with SunONE Webserver 6.0sp5 (aka iplanet webserver). I had to export LD_LIBRARY_PATH=/opt/iplanet6/bin/https/lib export PATH=/opt/iplanet6/bin/https/admin/bin:$PATH ls /opt/iplanet6/bin/https/admin/bin ACL.class clmod import restore AclApplet.classclrem importCore rmhttp AclParser.classclxfer importInfo rsrcpckr IdenACE.class commit importSecurity sec-migrate PermACE.class confaccimportUserssecurity ResponseACE.class confadmimportWebPub setlang RightVector.class cronctrl importWebPubInfo snmpcomm aclinput distaclindex snmpmctl advdistadminstallsnmptrpc adv.keydnedit lgaccess status adv.recdoauth migratestopadm avaeditdomodify migrateLocalDB tutor calcount dosearch modutilutil certutil dsconfig nsesvars viewacc ciphersedit perl viewerr cladd60genscreen pk12util clctrl getlangrename frank
