Is there a way add certificate with Builtin Object Token?

2009-11-20 Thread serval
Hi I need add my certificate into certdb with token Builtin Object Token I thought it is impossible but there have to exist some way because if I remove one of root certificates it is restored after firefox restart. But I can not find source code where this happen. Could anyone help my? Maybe

Re: NSS: Certificate mangement without certdb

2009-11-20 Thread Kai Chan
I noticed in a lot of the certificate functions ( http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslcrt.html#1050532), there is an argument for CERTCertDBHandle. Does that mean I can't use these certificate functions unless I use the cert8.db? If I still can, then do I pass that as

Re: NSS: Certificate mangement without certdb

2009-11-20 Thread Wan-Teh Chang
2009/11/20 Kai Chan nahc...@gmail.com: I noticed in a lot of the certificate functions (http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslcrt.html#1050532), there is an argument for CERTCertDBHandle.  Does that mean I can't use these certificate functions unless I use the cert8.db? 

Re: NSS: Certificate mangement without certdb

2009-11-20 Thread Kai Chan
Thanks for the clarification. So, by calling CERT_GetDefaultCertDB(), I get a handle to some type of pseudo-certificate database when initializing with NSS_NoDB_Init? Does this guarantee that any key material stays inside a third-party PKCS #11 module during certificate and cryptographic

Re: slow DB access with lots (6000+) of certs/keys

2009-11-20 Thread Nelson B Bolyard
On 2009-11-19 05:30 PST, David Stutzman wrote: In comment 11 of 433105, Bob R said: NSS can open more than one database at once, it might be good to see if you can specify opening more than one in the secmod.db file. Is it actually possible to specify more than 1 softoken using modutil?

Re: Is there a way add certificate with Builtin Object Token?

2009-11-20 Thread Nelson B Bolyard
On 2009-11-20 00:24 PST, serval wrote: I need add my certificate into certdb with token Builtin Object Token The builtin object token is a separate token from the token that holds the cert DB. You can add your cert into the cert DB, or into the builtin object token, or into both. See the

Re: NSS: Certificate mangement without certdb

2009-11-20 Thread Nelson B Bolyard
On 2009-11-20 10:56 PST, Kai Chan wrote: Thanks for the clarification. So, by calling CERT_GetDefaultCertDB(), I get a handle to some type of pseudo-certificate database when initializing with NSS_NoDB_Init? Yes. You get a handle to a pseudo cert DB (actually, a trust domain) regardless of

Re: slow DB access with lots (6000+) of certs/keys

2009-11-20 Thread Robert Relyea
On 11/20/2009 11:17 AM, Nelson B Bolyard wrote: On 2009-11-19 05:30 PST, David Stutzman wrote: In comment 11 of 433105, Bob R said: NSS can open more than one database at once, it might be good to see if you can specify opening more than one in the secmod.db file. Is it actually