Re: Scripting Crypto via XPCOM

2003-09-23 Thread Rodrigue Butaye
Yes, now nearly everything works (only, for the moment, I sign the
JavaScript with a fake certificate because I've got a problem with the
global sign...)

And yes, I use only JSS, or nearly. In fact, I can't find in JSS how to
find the path to the keystore, ...

With an XPCOM component it's easy to get the path and select a
certificate, so...

The method I use:

- An applet with JSS for signing
- JavaScript to obtain:
  - the path to the keystore of the current user
  - the nickname of the selected certificate

So, my JSP loads the applet (the applet is signed with signjar), and I
open another window with the signed HTML and JavaScript (signed with
signtool). This HTML page retrieves the path to the keystore and the
selected certificate, and then this information is given to the applet
to initialize JSS and sign.

You can make a call from JavaScript to a method of the applet which
accesses the filesystem, ... but to do this you have to create a thread
in the init of the applet, and then the method will in fact use the
thread created in the init (so there is no security problem, of
course, if the applet is signed).

If you have specific questions you can ask on the newsgroup (but for
the moment I don't have an internet connection at home, so I read the
newsgroup less often, but in a few days it will be OK).

Rodrigue Butaye


Jean-Marc Desperrier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> In the Scripting Certs via XPCOM thread, Rodrigue gave a method that
> enables calling an XPCOM component from JavaScript to get back a cert
> nickname.
>
> But it seems you cannot do much of anything useful once you get that?
> None of the other NSS API functions that would enable accessing the
> private key and doing cryptographic operations are accessible from
> XPCOM, are they?
>
> Rodrigue, if you read this, did you succeed in doing anything
> interesting in XPCOM with this, or are you in fact only using JSS?
>
> Also it seems that if I had a Java applet that would be able to do the
> crypto through other ways, there is no easy way to do Java-JavaScript
> communication to call this code.
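
The hand-off described in the message above (page script calls an applet method, and a thread created in the applet's init() does the keystore access and signing) is shown here as an added example, not code from the thread. The class and method names are hypothetical; it assumes Java 8 with the JSS classes available to the applet and a token that needs no password prompt, and it produces a raw RSA signature rather than PKCS#7.

```java
import java.applet.Applet;
import java.util.Base64;
import java.util.concurrent.*;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.*;

// Added example; SignerApplet, sign() and doSign() are hypothetical names.
public class SignerApplet extends Applet {
    private final BlockingQueue<FutureTask<String>> jobs = new LinkedBlockingQueue<>();
    private Thread worker;
    private boolean jssReady;               // touched only by the worker thread

    @Override public void init() {
        // A Thread inherits the access control context of the code that
        // constructs it. Built here, it gets init()'s context, not that of a
        // later call arriving from page script. An executor that creates its
        // thread lazily on first submit would capture the script call's context.
        worker = new Thread(() -> {
            try { while (true) jobs.take().run(); }
            catch (InterruptedException stop) { /* destroy() was called */ }
        }, "jss-worker");
        worker.setDaemon(true);
        worker.start();
    }

    @Override public void destroy() { worker.interrupt(); }

    // Entry point for page script. Any script in the page can reach it, so it
    // accepts plain strings only and exposes a single operation.
    public String sign(String keystoreDir, String nickname, String text) {
        FutureTask<String> job = new FutureTask<>(() -> doSign(keystoreDir, nickname, text));
        jobs.add(job);
        try {
            return job.get(30, TimeUnit.SECONDS);   // block the caller until done
        } catch (Exception e) {
            return "ERROR: " + e;
        }
    }

    // Runs only on the worker thread, where file and key access is permitted.
    private String doSign(String dir, String nickname, String text) throws Exception {
        if (!jssReady) { CryptoManager.initialize(dir); jssReady = true; }
        CryptoManager cm = CryptoManager.getInstance();
        X509Certificate cert = cm.findCertByNickname(nickname);
        PrivateKey key = cm.findPrivKeyByCert(cert);
        Signature sig = key.getOwningToken()
                .getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA256Digest);
        sig.initSign(key);
        sig.update(text.getBytes("UTF-8"));
        return Base64.getEncoder().encodeToString(sig.sign());
    }
}
```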



Re: signtool 1.3

2003-09-23 Thread Rodrigue Butaye
I tried to use the signtool you cited, but I've got a window when I call
the signtool command.

Now I have succeeded in creating a fake certificate and signing. It's a
good idea to try to import the certificate with pk12util (I didn't know
this tool, I'll see) and change its alias.

Thanks for your advice,
Rodrigue



Re: Create pkcs7 signature from javascript in netscape 6, 7

2003-09-23 Thread Rodrigue Butaye
You can install the secclab component and sign in JavaScript (I tried
this but it doesn't work with the certificates we use...)

Another way is to use JSS in an applet. To access the certificate DB
you can use an XPCOM component, but to have the rights to do this you
must sign the JavaScript with signtool 1.3.

Read the previous post; there is information about this matter.

Rodrigue Butaye



Re: Update stored passwords

2003-09-23 Thread Julien Pierre
Robert,

Robert wrote:
> Hi!
>
> I'm currently developing a password manager application for the
> Windows platform which monitors the Mozilla password file (12345678.s)
> and stores the password entries on a smart card. Ideally, the
> passwords should be written to Mozilla's password file when the card
> is inserted and deleted when the card is removed. However, there is a
> major problem: Mozilla only reads the password file when the browser
> (or the QuickLaunch tool) is first started, so modifying the file
> while Mozilla is running is pointless. Is there any way (Window
> message, etc.) to tell Mozilla that the password file has been changed
> so that it can update its internal list? If not, this would be a major
> improvement, which shouldn't be very difficult to implement :)

This might be a different application from what you want, however it is
probably simpler to implement:

You could store the symmetric encryption key used to encrypt your 
password on your smartcard, instead of storing it in the security 
device. Therefore, you would only be able to access the passwords when 
the smartcard is inserted.

Assuming you already have a PKCS#11 driver for your smartcard, the code 
change to do that in Mozilla should only be a minor change - look at the 
SDR functions. You would just need additional UI to select which 
security device to use for the password key.

However I realize this does not offer the same benefits as storing the 
passwords themselves on the smartcard. With the approach described above 
you can't go from one machine to another with your smartcard and expect 
to transfer your passwords. If you always keep the password file 
encrypted, that problem might be solved by putting it on the network 
rather than on the local disk.