Re: NSS open multiple NSS-Databases at once?
On Wednesday, 11 January 2017 14:23:45 UTC+1, John Dennis wrote:
> On 01/11/2017 03:21 AM, Opa114 wrote:
> > On Wednesday, 11 January 2017 00:45:45 UTC+1, Robert Relyea wrote:
> >> On 01/10/2017 02:07 PM, Opa114 wrote:
> >>> On Tuesday, 10 January 2017 22:24:10 UTC+1, Robert Relyea wrote:
> >>>> On 01/10/2017 10:18 AM, Opa114 wrote:
> >>>>> thanks, but these facts i know.
> >>>>> I don't want to let multiple applications open one Database, i want to
> >>>>> open multiple different Mozilla databases, in the old standard format,
> >>>>> with one (my) application.
> >>>>>
> >>>>> I tried to use the NSS_Init functions. These work with opening one
> >>>>> database, but when i open a second one the whole application crashes, so
> >>>>> that's why i asked the question and may be get some working example c++
> >>>>> code?
> >>>> 1) Where are you crashing (it's not expected to work, but I don't expect
> >>>> a crash because you called NSS_Init again).
> >>>>
> >>>> 2) To open additional databases you want to use SECMOD_OpenUserDB:
> >>>>
> >>>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Functions#SECMOD_OpenUserDB
> >>>>
> >>>> You can call that multiple times.
> >>>> Once the database is opened any of the NSS find functions will find all
> >>>> the certs in both databases. The slot returned from SECMOD_OpenUserDB
> >>>> can be used in functions that take a slot to narrow the operations just
> >>>> to that particular database.
> >>>>
> >>>> To NSS each database will look basically like a smart card.
> >>>>
> >>>> When you are through with that database you can use SECMOD_CloseUserDB()
> >>>>
> >>>> bob
> >>>
> >>> thanks for reply. Here is first a little code which did not work,
> >>> that means it crashes:
> >>>
> >>> functionLoadFirefox() {
> >>>     SECStatus rv = NSS_InitReadWrite(PATH_TO_FF_DB);
> >>>     ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
> >>>     NSS_Shutdown();
> >>> }
> >>>
> >>> functionLoadThunderbird() {
> >>>     SECStatus rv = NSS_InitReadWrite(PATH_TO_TB_DB);
> >>>     ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
> >>>     NSS_Shutdown();
> >>> }
> >>>
> >>> So these are my two functions in which i opened and closed the databases
> >>> and retrieve the certificates.
> >> So the certs you got from the first call are likely preventing
> >> NSS_Shutdown from completing. The certs hold references to the
> >> respective slots. Those references prevent NSS_Shutdown from closing
> >> completely. They will prevent the second NSS_Init from succeeding, so you
> >> probably crash in your second shutdown. You can detect this happened by
> >> looking at the return value from NSS_Shutdown().
> >>>
> >>> --> 2) To open additional databases you want to use SECMOD_OpenUserDB
> >>> So this means: first i have to call NSS_Init with let's say the firefox
> >>> database and then i have to call SECMOD_OpenUserDB with the
> >>> thunderbird database, right? Or must i load both with the SECMOD_OpenUserDB?
> >> You can either use NSS_Init with no database and then call
> >> SECMOD_OpenUserDB() for both, or you can call NSS_Init with one database
> >> and then call SECMOD_OpenUserDB with the other.
> >>>
> >>> --> Once the database is opened any of the NSS find functions will find
> >>> all the certs in both databases
> >>> But i have to know from which database the certificates are coming from.
> >>> So i need to know that let's say Certificate ABC is stored inside the
> >>> Firefox Database and Certificate 123 is stored in the Thunderbird Database. How
> >>> can i do that? or is this not possible?
> >> The slot the database can be found in the cert->slot entry, but this
> >> will only give you ONE of the slots the cert lives in. If a cert exists
> >> in both databases, it will have a single entry on the list and be
> >> "somewhat" random which slot is listed (If you open one database with
> >> NSS_Init and the second with SECMOD_OpenUserDB()
Re: NSS open multiple NSS-Databases at once?
On Wednesday, 11 January 2017 00:45:45 UTC+1, Robert Relyea wrote:
> On 01/10/2017 02:07 PM, Opa114 wrote:
> > On Tuesday, 10 January 2017 22:24:10 UTC+1, Robert Relyea wrote:
> >> On 01/10/2017 10:18 AM, Opa114 wrote:
> >>> thanks, but these facts i know.
> >>> I don't want to let multiple applications open one Database, i want to
> >>> open multiple different Mozilla databases, in the old standard format,
> >>> with one (my) application.
> >>>
> >>> I tried to use the NSS_Init functions. These work with opening one
> >>> database, but when i open a second one the whole application crashes, so
> >>> that's why i asked the question and may be get some working example c++
> >>> code?
> >> 1) Where are you crashing (it's not expected to work, but I don't expect
> >> a crash because you called NSS_Init again).
> >>
> >> 2) To open additional databases you want to use SECMOD_OpenUserDB:
> >>
> >> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Functions#SECMOD_OpenUserDB
> >>
> >> You can call that multiple times.
> >> Once the database is opened any of the NSS find functions will find all
> >> the certs in both databases. The slot returned from SECMOD_OpenUserDB
> >> can be used in functions that take a slot to narrow the operations just
> >> to that particular database.
> >>
> >> To NSS each database will look basically like a smart card.
> >>
> >> When you are through with that database you can use SECMOD_CloseUserDB()
> >>
> >> bob
> >
> > thanks for reply. Here is first a little code which did not work,
> > that means it crashes:
> >
> > functionLoadFirefox() {
> >     SECStatus rv = NSS_InitReadWrite(PATH_TO_FF_DB);
> >     ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
> >     NSS_Shutdown();
> > }
> >
> > functionLoadThunderbird() {
> >     SECStatus rv = NSS_InitReadWrite(PATH_TO_TB_DB);
> >     ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
> >     NSS_Shutdown();
> > }
> >
> > So these are my two functions in which i opened and closed the databases and
> > retrieve the certificates.
> So the certs you got from the first call are likely preventing
> NSS_Shutdown from completing. The certs hold references to the
> respective slots. Those references prevent NSS_Shutdown from closing
> completely. They will prevent the second NSS_Init from succeeding, so you
> probably crash in your second shutdown. You can detect this happened by
> looking at the return value from NSS_Shutdown().
> >
> > --> 2) To open additional databases you want to use SECMOD_OpenUserDB
> > So this means: first i have to call NSS_Init with let's say the firefox
> > database and then i have to call SECMOD_OpenUserDB with the
> > thunderbird database, right? Or must i load both with the SECMOD_OpenUserDB?
> You can either use NSS_Init with no database and then call
> SECMOD_OpenUserDB() for both, or you can call NSS_Init with one database
> and then call SECMOD_OpenUserDB with the other.
> >
> > --> Once the database is opened any of the NSS find functions will find all
> > the certs in both databases
> > But i have to know from which database the certificates are coming from. So
> > i need to know that let's say Certificate ABC is stored inside the Firefox
> > Database and Certificate 123 is stored in the Thunderbird Database. How can i do
> > that? or is this not possible?
> The slot the database can be found in the cert->slot entry, but this
> will only give you ONE of the slots the cert lives in. If a cert exists
> in both databases, it will have a single entry on the list and be
> "somewhat" random which slot is listed (If you open one database with
> NSS_Init and the second with SECMOD_OpenUserDB() then the one you opened
> with SECMOD_OpenUserDB() will be the slot that shows up.
>
> To fix this issue, there's a function called PK11_GetAllSlotsForCert()
> which returns a slotList and will return all the slots that hold this
> cert. The slots map one for one to the databases you opened (or any
> smart cards you have loaded). You can control the 'tokenName' of each
> slot with the string arguments you pass to SECMOD_OpenUserDB(), and you
> can get the token name with PK11_GetTokenName() on each slot on the list.
>
> You could also use PK11_ListCertsInSlot() which takes a slot
> (SECMOD_OpenUserDB() will return a slot for you) and lists only those
> certs in that slot.
>
> Be sure to f
Re: NSS open multiple NSS-Databases at once?
On Tuesday, 10 January 2017 22:24:10 UTC+1, Robert Relyea wrote:
> On 01/10/2017 10:18 AM, Opa114 wrote:
> > thanks, but these facts i know.
> > I don't want to let multiple applications open one Database, i want to
> > open multiple different Mozilla databases, in the old standard format, with
> > one (my) application.
> >
> > I tried to use the NSS_Init functions. These work with opening one
> > database, but when i open a second one the whole application crashes, so
> > that's why i asked the question and may be get some working example c++
> > code?
> 1) Where are you crashing (it's not expected to work, but I don't expect
> a crash because you called NSS_Init again).
>
> 2) To open additional databases you want to use SECMOD_OpenUserDB:
>
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Functions#SECMOD_OpenUserDB
>
> You can call that multiple times.
> Once the database is opened any of the NSS find functions will find all
> the certs in both databases. The slot returned from SECMOD_OpenUserDB
> can be used in functions that take a slot to narrow the operations just
> to that particular database.
>
> To NSS each database will look basically like a smart card.
>
> When you are through with that database you can use SECMOD_CloseUserDB()
>
> bob

thanks for reply. Here is first a little code which did not work, that means it crashes:

    functionLoadFirefox() {
        SECStatus rv = NSS_InitReadWrite(PATH_TO_FF_DB);
        ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
        NSS_Shutdown();
    }

    functionLoadThunderbird() {
        SECStatus rv = NSS_InitReadWrite(PATH_TO_TB_DB);
        ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
        NSS_Shutdown();
    }

So these are my two functions in which i opened and closed the databases and retrieve the certificates.

--> 2) To open additional databases you want to use SECMOD_OpenUserDB
So this means: first i have to call NSS_Init with let's say the firefox database and then i have to call SECMOD_OpenUserDB with the thunderbird database, right? Or must i load both with the SECMOD_OpenUserDB?

--> Once the database is opened any of the NSS find functions will find all the certs in both databases
But i have to know from which database the certificates are coming from. So i need to know that let's say Certificate ABC is stored inside the Firefox Database and Certificate 123 is stored in the Thunderbird Database. How can i do that? or is this not possible?

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
NSS open multiple NSS-Databases at once?
Hi there, i have to use NSS in one of my applications and therefore i have to open multiple databases (for example Firefox and Thunderbird) at once to read and write into these. How can i do this programmatically in C++? Some example Code would be very helpful because the whole NSS-Stuff is not very well documented. Thanks in advance! :)
Re: LIBPKIX How To Use? (Windows)
On Wednesday, 9 November 2016 23:10:36 UTC+1, Julien Pierre wrote:
> Which LIB file are you using ? If it is a small LIB file, it is probably
> just the import library for the DLL .
>
> PKIX_PL functions are internal functions not exported from NSS3.dll .
> Why do you want to use those functions directly ?
>
> There is a public PKIX API, CERT_PKIXVerifyCert, which you should use.
>
> Julien
>
>
> On 11/9/2016 05:56, Opa114 wrote:
> > Hi there,
> >
> > how can i use the LIBPKIX Library on Windows? Did it everytime only compile
> > a *.lib file instead of a *.dll file like the nss3.dll? Everytime i try to
> > use the PKIX_PL_Cert_VerifySignature Function for example i got the error
> > that the reference to the function is undefined, which tells me that it has
> > a problem with linking to the library - right?
> >
> > Anybody out there who can help?

because i want not to verify the with its usage. i want to check if a cert was / has signed another certificate. There is no such function in NSS or haven't i seen that? So that's why i wanted to use the PKIX_PL_Cert_VerifySignature function. or is there a public function which checks the same? The LIB was the pkixpki.lib.
LIBPKIX How To Use? (Windows)
Hi there, how can i use the LIBPKIX Library on Windows? Did it everytime only compile a *.lib file instead of a *.dll file like the nss3.dll? Everytime i try to use the PKIX_PL_Cert_VerifySignature Function for example i got the error that the reference to the function is undefined, which tells me that it has a problem with linking to the library - right? Anybody out there who can help?
How are the private keys associated with the certificates in the NSS Database?
Hi, can someone tell me more about some technical detail. I want to know how the private keys stored in the key3.db are associated / linked with the corresponding certificate stored in the cert8.db? I could not find any detail how that was implemented. Hope someone could give me more information about this. Thanks a lot!
How to use NSS in my C++ Project?
Hi, can someone explain to me how i use NSS and NSPR in my C++ Project? I'm new to C++ and want to use the NSS libraries in my project, so i thought i could include the header files i need, but it did not work, so what's the right way? Must i compile NSS and NSPR first and then use the DLL / Libs? Would be very helpful if someone could explain it in detail. Thanks a lot!
Re: New JSS Version?
On Tuesday, 14 July 2015 14:45:20 UTC+2, Opa114 wrote:
> Hi, when will be a new release of JSS come out? The last Version is very old and did not support some features of latest NSS, which are very important for me. And the JSS should be improved, because some methods are very bad or not implemented. Any information?

is there no one who has information???
New JSS Version?
Hi, when will be a new release of JSS come out? The last Version is very old and did not support some features of latest NSS, which are very important for me. And the JSS should be improved, because some methods are very bad or not implemented. Any information?
Re: How is it possible to instantiate multiple instances of CryptoManager in Java (JSS)?
now i got the CloseDBs Code working and it will close the Database. But i could not create a second or third instance of CryptoManager again. Is this possible??
How do I convert org.mozilla.jss.pkix.cert to org.mozilla.jss.crypto.X509Certificate?
Just a simple question: How do I convert org.mozilla.jss.pkix.cert to org.mozilla.jss.crypto.X509Certificate? I have seen that there is a small notice on the official JSS FAQ which says i should use: CryptoManager.importCertPackage() But this method did not work. I got NoSuchItemException, because it did not find a matching private Key. But it has to work without a private key. So is there another way? I need this because all my Certificates are in java.security.X509Certificate and i have to convert it to org.mozilla.jss.crypto.X509Certificate because some JSS functions work only with this type of Certificate. Thanks!
Re: [ANNOUNCE] NSS 3.19.2 Release
On Saturday, 20 June 2015 04:04:34 UTC+2, Ryan Sleevi wrote:
> The NSS Development Team announces the release of NSS 3.19.2
>
> Network Security Services (NSS) is a patch release for NSS 3.19. No new functionality is introduced in this release. This release addresses a backwards compatibility issue with the NSS 3.19.1 release.
>
> Notable Changes:
> * In NSS 3.19.1, the minimum key sizes that the freebl cryptographic implementation (part of the softoken cryptographic module used by default by NSS) was willing to generate or use was increased - for RSA keys, to 512 bits, and for DH keys, 1023 bits. This was done as part of a security fix for Bug 1138554 / CVE-2015-4000. Applications that requested or attempted to use keys smaller than the minimum size would fail. However, this change in behaviour unintentionally broke existing NSS applications that need to generate or use such keys, via APIs such as SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.
>
> In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix for Bug 1138554 has been moved to libssl, and will now only affect the minimum keystrengths used in SSL/TLS.
>
> The full release notes are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes
>
> In addition to this release, the release notes for NSS 3.19 and NSS 3.19.1 have been updated to highlight that both releases contain important security fixes - CVE-2015-2721 in NSS 3.19, CVE-2015-4000 in NSS 3.19.1.
>
> The updated release notes for NSS 3.19 are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes
>
> The updated release notes for NSS 3.19.1 are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
>
> The HG tag for NSS 3.19.2 is NSS_3_19_2_RTM. NSS 3.19.2 requires NSPR 4.10.8 or newer.
>
> NSS 3.19.2 source distributions are available on ftp.mozilla.org for secure HTTPS download:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_RTM/src/
>
> A complete list of all bugs resolved in this release can be obtained at
> https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.19.2

very nice. But can you tell me, when JSS will be optimized and ported to a newer version of NSS? JSS is at the moment not usable :(
Re: importing leaf cert into NSS db via JSS
how can i call the method: importCertPackageNative()? i got method not visible error :(
Re: JSS - Open Multiple Truststores
On Monday, 23 April 2007 21:35:57 UTC+2, Glen Beasley wrote:
> Dennis Sinelnikov wrote:
> > Hello,
> > Is there a way to open more than 1 NSS truststore using JSS? Specifically, within the same lifecycle of the java application.
>
> At this time no. The database NSS currently uses, can't be used by multiple processes. The multiaccess database feature is planned but is not expected until NSS 3.13. Once implemented JSS would then be able to use this feature.
> http://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Multiaccess_Certificate_and_Key_Databases
>
> -glen

when did JSS support this? i need this feature :) would be very helpful and a great gesture if some of the JSS / NSS developers could give me feedback and infos about this. Thanks!
Re: How is it possible to instantiate multiple instances of CryptoManager in Java (JSS)?
i found a little bit of code and answers (https://bugzilla.mozilla.org/show_bug.cgi?id=378615), but did not work. get the alreadyInitializedException, too
Build JSS on Windows Error
Hi, i tried to build the latest version of JSS on windows. but it did not work like the description here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/JSS/Build_instructions_for_JSS_4.3.x i get the error: JavaBuild Error 2 when it tries to build the jss.jar. but this file i could download compiled from the mozilla ftp server, i only need the *.dll file. so how could i only compile the dll or could i not compile this file alone? or has someone the jss4.dll for 32Bit in latest version 4.3.1? Or has someone a detailed and working solution on how to build JSS fully on windows (windows 8)? thanks.
How is it possible to instantiate multiple instances of CryptoManager in Java (JSS)?
Hi, i know how to create a new Instance of CryptoManager in Java and it all works fine. But i want to access the Firefox and Thunderbird Key-/Certstore simultaneously. So i have two classes for my two applications and when i create new Objects of them i got the Exception that the CryptoManager is already initialized: org.mozilla.jss.crypto.AlreadyInitializedException. i searched a lot on the internet and on JSS documents, but did not find a solution for this. So is there a way to create multiple instances of CryptoManager? Or is there a way to close a CryptoManager? Or can NSS handle this? if yes, so i could maybe try to call the native C-Functions in Java which is not the problem. Thanks!
creating a java.security.cert.X509Certificate from PK11InternalTokenCert - public key export??
Hi, when i convert the PK11InternalTokenCert to a java X509Certificate and then i print out the certificate the public key is in this certificate as a: org.mozilla.jss.pkcs11.PK11RSAPublicKey@17050dc, but i want it there in clear text and normal. How can i do this in my conversion? i did it this way:

    CryptoManager.initialize(profileFolder);
    CryptoManager cm = CryptoManager.getInstance();
    X509Certificate[] certs = cm.getPermCerts();
    PK11InternalTokenCert cert = (PK11InternalTokenCert) certs[0];
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    java.security.cert.X509Certificate certificate = ((java.security.cert.X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certs[0].getEncoded())));
    System.out.println(certificate);
Re: Problem with importing Certificate into Firefox Keystore with JSS - Cast problem
no one there who could help me to Cast from java.security.cert.X509Certificate to org.mozilla.jss.crypto.X509Certificate ?
Problem with importing Certificate into Firefox Keystore with JSS - Cast problem
Hi there, i have a little problem. i want to add a certificate to the Firefox keystore this way:

    X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream("src//Sohrabi.cer"));
    cm.importCertToPerm(certificate, "testdummystuff");

but i have a problem with the casting of the Certificate. the importCertToPerm needs a Certificate of Instance: org.mozilla.jss.crypto.X509Certificate but my created certificate is of instance: java.security.cert.X509Certificate. When i try to cast it to the mozilla.jss.crypto.X509Certificate i get an error that this cast is not possible. so i need a little help from you.. thanks!
Re: Get only personal certificates
i have the same question. i tried it with the code from your post above. but it returns false on every check. JSS has only implemented the function getCACerts() which lists all CA-Certs and getPermCerts() which lists all CA-Certs and the personal certs. but i want to read out every single tab (look at my attached screenshot: http://imgur.com/5VtcEpJ). or if this is not possible in any way i want an option to select only the personal certificates from the return of getPermCerts(). thanks for help.
Mozilla-JSS not found
Hi, i tried this example Code from JSS (http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/KeyStoreTest.java). When i run the Code i get the following error:

    java.security.KeyStoreException: Mozilla-JSS not found
    Caused by: java.security.NoSuchAlgorithmException: Mozilla-JSS KeyStore not available

But when i output the providers the Mozilla-JSS is listed as first element. so where is the problem? thanks
Re: Accessing Firefox keystore
in the secmod.java it checks the Version of NSS:

    private void fetchVersions() {
        supported = nssVersionCheck(nssHandle, "3.7");
    }

But the NSS Version i copied from Mozilla-Folder has version 3.17.2.0. But this error message seems to be that there are problems with the version.
Re: Accessing Firefox keystore
- People (personal without related private key) -- how did you get this?
Re: Accessing Firefox keystore
On Wednesday, 14 January 2015 20:30:41 UTC+1, Opa114 wrote:
> in the secmod.java it checks the Version of NSS:
>
>     private void fetchVersions() {
>         supported = nssVersionCheck(nssHandle, "3.7");
>     }
>
> But the NSS Version i copied from Mozilla-Folder has version 3.17.2.0. But this error message seems to be that there are problems with the version.

another thing. i tried JSS. Works on first time. it shows me all the certificates including personal, server and other. then i removed a certificate and the count of the certificates was increased. Before delete the count was 186, after delete 187. strange thing. JSS looks very buggy. then my cert8.db crashed and i let Firefox create a new one. then run my code and i get the output of only 30 certificates. But in the certmanager in firefox i see more than 30. so what's happening there? i think JSS is too buggy :( but it was a little bit easier to use than the NSS stuff. when i could access personal and server and others with NSS it would be nice.

and i found out if i remove certificates from the CA list, Firefox will recreate the entry on every startup (if someone is interested in it)
Re: Accessing Firefox keystore
i tried it now with JSS and there i could access the Trusted Root CAs and the own certificates. i could remove them, too. now i have to check if i could read the other certificates like Persons, other and root. and i have to check exactly what certificates i get when i call the getCACerts()-function in difference to the getPermCerts()-function.
Re: Accessing Firefox keystore
i played a little bit with my JSS-Code. it shows me all Certificates from all Tabs in the Firefox Builtin Certificate-Manager. But JSS seems to be very buggy. First i read out 183 Certificates. After i removed one certificate and i run the list certificates again it shows me 190 certificates. Then it crashed my cert8.db and i let FF create a new one. then run my code and got output of only 10 certificates, but inside the store are about 180 certificates. very strange thing.
Re: Accessing Firefox keystore
On Tuesday, 13 January 2015 19:04:28 UTC+1, helpcrypto helpcrypto wrote:
> Thats your mistake: Using softokn+slot=2 will access your personal/installed certificates, not CA/trusted ones. Perhaps slot 1 will do, but I have never tried.
>
> On Tue, Jan 13, 2015 at 5:19 PM, Opa114 opa...@gmail.com wrote:
> > i mean the Server and CA not only own Certificates

i tried slot = 1. same output. 0 Certs found. is there any documentation what parameters the arguments could have. like certPrefix and KeyPrefix and Slot. Firefox has the following Certificate-Tabs in his Manager:
- Personal
- People
- Server
- Trusted CA
- Other
i have to access all of these.
Re: Accessing Firefox keystore
the link to Oracle Docu did not contain detailed information to all the arguments. yes, Personal works. a way without certutil is not possible?
Re: Accessing Firefox keystore
thanks again. i have compared my code with your piece of code you posted and i have the same. But i still get the Error: CKR_DEVICE_ERROR i loaded the dll's in your posted order. i copied the dll's to C:\users\myname\AppData\Local\Temp Folder. the Mozilla Profile folder is right, too. so don't know where the problem is. i read so many documents on the internet, but i found no one which handles CKR_DEVICE_ERROR in any good and deep way. Could it be a problem with the dll-Files? From where did you get the dll's and which version have they? (maybe you could send them to me?) do you think it could be a try to use JSS? but you wrote that JSS sucks. i only have to access the keystore and to read out the certificates and to delete the certificates and maybe show the private/public keys from some certificates.
Re: Accessing Firefox keystore
On Tuesday, 13 January 2015 12:14:28 UTC+1, helpcrypto helpcrypto wrote:
> On Tue, Jan 13, 2015 at 12:00 PM, Opa114 opa...@gmail.com wrote:
> > thanks again. i have compared my code with your piece of code you posted and i have the same. But i still get the Error: CKR_DEVICE_ERROR
>
> CKR_DEVICE_ERROR is an error on the cryptoki itself, as stated by PKCS#11 standard. I have found several times this error when using buggy smartcards, but IIRC, never with softkn
>
> > i loaded the dll's in your posted order. i copied the dll's to C:\users\myname\AppData\Local\Temp Folder. the Mozilla Profile folder is right, too. so don't know where the problem is.
>
> Hope you copied before loading them on the new location ;)

yes i did :)

> > i read so many documents on the internet, but i found no one which handles CKR_DEVICE_ERROR in any good and deep way. Could it be a problem with the dll-Files? From where did you get the dll's and which version have they? (maybe you could send them to me?)
>
> Don't think so. These dll are in the firefox folder. As far as i can understand, theres no sense to send my dlls to you...they shall be the same

okay. but in my Firefox installation folder are not all the dll's you listed. i know the nspr4.dll is from the NSPR Build. But the edll for example are not on my folder by default: mozutils.dl

> Send me a self-contained fully executable hello world/main/test.java and i can run it against my system, trying to find whats happening. I think is better to work with your simple use-case/code, instead of sending you my complex code (lot of classes involved)

here is my little piece of test-code :)
http://pastebin.com/e5CCahxN
http://pastebin.com/kAsyG5Ai
These are my two classes which you need to test it.

> > do you think it could be a try to use JSS? but you wrote that JSS sucks.
>
> I dont recommend you that. If you surrender after first fall, you'll never win.

okay :)

> > i only have to access the keystore and to read out the certificates and to delete the certificates and maybe show the private/public keys from some certificates.
>
> If you aren't going to sign/decrypt..., I suggest you using certutil.

yeah but i don't want to run any command line util in background. and maybe this option come in future, so it is better to do the thing right at the beginning

> If this start to become a personal conversation, maybe is better to happen off-list.

i don't think it's too personal. maybe other people have the same question or problems :)
Re: Accessing Firefox keystore
i mean the Server and CA not only own Certificates
Re: Accessing Firefox keystore
i searched a little bit around and looked into the Mozilla dll's and i found out that the Built-In Trusted Root CAs are in the nssckbi.dll, so i changed my code to load this dll in library in the config instead of the softokn3.dll. Program runs and got no error, but the Size is zero. Any idea how to solve this?
Re: Accessing Firefox keystore
okay i will try it by copying the files to %temp% and then try to load it up. What are the exact dependencies which i have to copy? i've read so many different.. :( i'm using JDK 1.8.0_25 for compiling my code.
Re: Accessing Firefox keystore
hi again, yeah i googled the last days very much about this topic. so i found out the best solution for me would be to access the softokn3.dll with PKCS#11 Provider in java. i tried a little bit and wrote a small code. but it does not work. i got the Error parsing configuration, Unexpected token[] error in line 3. here is my little piece of code and my config file for it.

Code:

    String configName = "D:\\test.cfg";
    Provider p = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(p);
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) {
        System.out.println("Provider " + i + ": " + providers[i].getName());
    }

Config:

    name=NSS
    library=C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll
    nssArgs=configdir='C:/Users/Matthias/AppData/Roaming/Mozilla/Firefox/Profiles/2zd6f6ww.default-1387886878940' certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly
    slot=2

i tried it without and with \ and \\, but nothing worked. can you help me?
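An added example, not code from this thread or from the NSS or JDK projects: a complete JDK 8 program that builds a SunPKCS11 configuration with the same attributes as the message above, writing the nssArgs value as one double-quoted string, and lists the certificate entries the resulting PKCS11 KeyStore exposes. The class name ListNssCerts and the buildConfig helper are hypothetical, both paths come from the command line, and the profile is assumed to have no master password.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Targets JDK 8, where the
// sun.security.pkcs11.SunPKCS11(InputStream) constructor is available.
public class ListNssCerts {

    // Build the provider configuration; nssArgs is one double-quoted string.
    static String buildConfig(String softoknLib, String profileDir) {
        return "name = NSS\n"
             + "library = " + softoknLib + "\n"
             + "nssArgs = \"configdir='" + profileDir + "' certPrefix='' keyPrefix=''"
             + " secmod='secmod.db' flags=readOnly\"\n"
             + "slot = 2\n";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ListNssCerts <path to softokn3 library> <profile dir>");
            System.exit(2);
        }
        // Forward slashes avoid any backslash handling in the config parser.
        String config = buildConfig(args[0].replace('\\', '/'), args[1].replace('\\', '/'));
        Provider p = new sun.security.pkcs11.SunPKCS11(
                new ByteArrayInputStream(config.getBytes(StandardCharsets.UTF_8)));
        Security.addProvider(p);

        // Assumption: the profile has no master password, so no PIN is supplied.
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, null);

        // Print alias, subject and expiry for every X.509 entry the token exposes.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + " | " + x.getSubjectX500Principal().getName()
                        + " | expires " + x.getNotAfter());
            }
        }
    }
}
```

On JDK 9 and later the public SunPKCS11 constructors are gone; there the provider is obtained with Security.getProvider("SunPKCS11").configure(...) instead. On Windows the softokn3 dependencies discussed elsewhere in this thread still have to be loadable when the provider initializes.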
Re: Accessing Firefox keystore
On Monday, 12 January 2015 18:51:51 UTC+1, helpcrypto helpcrypto wrote:
> This is the dependency lack ;)
> This is what I have, probably some have changed:
>
> String[] nssDeps = {
>     //WARNING: Order MATTERS!
>     System.mapLibraryName("msvcr100"),
>     System.mapLibraryName("msvcp100"),
>     System.mapLibraryName("mozglue"),
>     System.mapLibraryName("nss3"),
>     System.mapLibraryName("mozutils"),
>     System.mapLibraryName("mozcrt19"),
>     System.mapLibraryName("nspr4"),
>     System.mapLibraryName("plds4"),
>     System.mapLibraryName("plc4"),
>     System.mapLibraryName("nssutil3"),
>     System.mapLibraryName("mozsqlite3"),
>     System.mapLibraryName("sqlite3"),
>     System.mapLibraryName("nssdbm3"),
>     System.mapLibraryName("freebl3")
> };
>
> On Mon, Jan 12, 2015 at 5:55 PM, Opa114 opa...@gmail.com wrote:
>> i tried it but get another error:
>> Caused by: java.io.IOException: modul not found - C:/Users/Matthias/AppData/Local/Temp/softokn3.dll
>> but the file is in this folder. Where is the problem?

i've done this. loaded all the named libraries from you above. and now i get this error: CKR_DEVICE_ERROR

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
    at sun.security.pkcs11.wrapper.PKCS11.C_Initialize(Native Method)
    at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_Initialize(PKCS11.java:1545)
    at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:157)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:330)
    ... 2 more
Re: Accessing Firefox keystore
i tried it but get another error: Caused by: java.io.IOException: modul not found - C:/Users/Matthias/AppData/Local/Temp/softokn3.dll but the file is in this folder. Where is the problem?
Re: Accessing Firefox keystore
i do. but i want to parse the cert8.db or maybe access this file in an easier way with JAVA. i have to read the file and maybe i have to remove and/or add new certificate to it.
Re: Accessing Firefox keystore
could you give me a little example or hint how to parse the secmod.db? so that i can try to access the cert8.db with SunPKCS#11? i tried the code posted from above (DBHash.java), too. it reads out the cert8.db- but how can i convert the data i received into a x509 certificate? for example an example output of the data i get:

key:
: 012b 2e6e ead9 7536 6c14 8a6e dba3 7c8c .+.n..u6l..n..|.
0010: 0730 8185 310b 3009 0603 5504 0613 0247 .0..1.0...UG
0020: 4231 1b30 1906 0355 0408 1312 4772 6561 B1.0...UGrea
0030: 7465 7220 4d61 6e63 6865 7374 6572 3110 ter Manchester1.
0040: 300e 0603 5504 0713 0753 616c 666f 7264 0...USalford
0050: 311a 3018 0603 5504 0a13 1143 4f4d 4f44 1.0...UCOMOD
0060: 4f20 4341 204c 696d 6974 6564 312b 3029 O CA Limited1+0)
0070: 0603 5504 0313 2243 4f4d 4f44 4f20 5253 ..U...COMODO RS
0080: 4120 4365 7274 6966 6963 6174 696f 6e20 A Certification
0090: 4175 7468 6f72 6974 79 Authority
data len: 1607
Re: Accessing Firefox keystore
Thanks for it. I will read your links and try my best to access the cert8.db ;)
Re: Accessing Firefox keystore
I have the same question / problem. I want to access the mozilla keystore (firefox and thunderbird) via Java (No Java Applet) or C#? I found the JSS/NSS Provider, but no information on how to use it and on which way i can access the keystores. So how is it possible? Little example Code would be helpful. And is it possible with C#? Or there are other ways to access them? maybe read in the whole cert8.db file, but it looks like that the file is encrypted. so the question is, how could i decrypt the file? Hope someone could help :)