Peter Djalaliev wrote:
Can somebody elaborate a little more about why one is better than the
other?
I went to the VFY_VerifyDigest code and I saw in vfy_VerifyDigest
that:
- for signatures produced with the RSA encryption algorithm, it would
decrypt the signature using the public key and
Nelson Bolyard wrote:
- The certificate is visible in MSIE7 (which just uses the windows cert
manager) and appears to work in Outlook (2003) – if I manually set my From
address to the one matching the certificate then Outlook sends the message
(which then bounces because our mail server rejects
wurstsemmel wrote:
The behavior of Tb arises from its handling of the S/MIME capabilities.
KMail requests an algorithm (I think AES), which Tb does not support. In
this case Tb seems to fall back to RC2.
please write a bug about this. https://bugzilla.mozilla.org
Product would be under
Eddy Nigg (StartCom Ltd.) wrote:
Hi Robert,
I just wondered about that one:
Robert Relyea wrote:
There is also a critical difference between the Hashing and the
keysize. Once a CA chooses its keysize, then all certs signed by
that CA will be signed with that key. If 1024 bits is weak
Hi David,
Modutil explicitly loads the PKCS #11 module into its address space
before it loads it into the database. If you are running a 32-bit
version, then you may have problems loading a 64-bit pkcs11 module. In
addition you'll want to be careful which applications open the dbdir. A
Brian Hawkins wrote:
I would like to use a block cipher to encrypt some data using a shared
secret. It doesn't appear that nss provides access to the low level
cipher suite, is that true? I cannot use public/private keys for my
encryption because of a design issue. Is there any way to sign
want.
Based on what you have said it looks like I need to create a
PK11SymKey and use it right?
yes, PK11_PubDerive (potentially followed by PK11_Derive if you need to
mangle the bits) would be your way in in this case.
bob
Thanks
Brian
On 6/3/07, *Robert Relyea* [EMAIL PROTECTED]
mailto
Intro
This page contains links and instructions for early NSS 3.12 releases to
test the major new features of NSS, namely Shared Database and libPKIX.
These are development releases of pre-alpha code, some of which are
coming from experimental upstream branches. Bugs should be filed against
David Stutzman wrote:
Robert Relyea wrote:
The JSS method to create this is:
SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes,
SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[]
messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
So
Nelson B wrote:
[EMAIL PROTECTED] wrote:
I'm having a tricky problem. What I am trying to do is to add an
object signing certificate to the NSS database. This can be done using
certutil, yes. But this is a xulapp that uses nsINSSCertCache, which I
fear is causing problems.
You
Dave Townsend wrote:
Nelson Bolyard wrote:
Dave Townsend wrote:
I've spent much of the afternoon delving through the NSS APIs trying to
figure out how to achieve my goals. I'm basically working on signing and
verifying data with public and private keys. I've figured that
SGN_SignData
Dave Townsend wrote:
Hi Bob, thanks for all your help by the way, got me much further so far.
Robert Relyea wrote:
You really only want to store and retrieve the private keys if you
need to transport them (or back them up). Doing the latter needs to be
handled carefully, and can
[EMAIL PROTECTED] wrote:
I am trying to make a wireless surfstation to be used in a public
area. I'm using LiveKiosk which is CD based. I can use a laptop that
runs a livecd linux build. My problem is that I have to accept a
certificate every time the computer is restarted.
I was wondering
Ulf Leichsenring wrote:
I understand your real concern is the ability to import the above two
certs (and their private keys) into another module, other than softoken.
I suggest you test that. To do so, you need to add another command
line argument to the pk12util lines above, the option -h
I've just been informed by our testing lab that our FIPS validation is
complete.
Users of NSS 3.11.4 and 3.11.5 are now FIPS validated!
bob
gstandefer wrote:
I have a situation where I have created a keypair and a cert.
I encrypt a CMS enveloped data with recip info using the public key.
I am able to decrypt this data without any problem.
I then re-create the certificate / keypair. Both private keys are now
visible using
Rob Crittenden wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Nelson Bolyard wrote:
Does serf use modSSL? If so, there is a modNSS that causes Apache to
use NSS instead of OpenSSL. That might be an easy change for you.
Nelson, what about the env variables as in
Arshad Noor wrote:
What would be ideal is for JSS to evolve into becoming
just another pluggable JCE Provider and hide the access
to the consolidated Fedora crypto keystore/library
behind that interface. You will then be doing two
communities a great service.
IIRC, JSS is a JCE provider, as
David E. Ross wrote:
On 10/19/2007 9:49 AM, Wan-Teh Chang wrote:
On 10/19/07, David E. Ross [EMAIL PROTECTED] wrote:
On 10/19/2007 5:35 AM, [EMAIL PROTECTED] wrote:
I am currently trying to convert from OpenSSL to NSS (seemed like a good
idea at the time). The code that I
Wan-Teh Chang wrote:
On 10/23/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Well, contrary to my expectations, I have now got the code working
with PK11_PubEncryptRaw - so again a big thank you.
Glad to hear that.
If after you decrypt the data with the RSA public key, you check for
Eddy Nigg (StartCom Ltd.) wrote:
I'm sure this has been reported before, but can't find something useful
at bugzilla. Does somebody know about the issue that sometimes the
browser returns the value SPKAC=2048 (High Grade) instead of the key
when using the keygen tag? Where can I find the bug
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Frank, the best test might be, if you could point us to a site signed by
the root in question. We could simply follow the chain up to the CA root
already in NSS.
I gave an example already in my previous message:
Kyle Hamilton wrote:
We don't know exactly what rules they enforce. We know that they permit
only a single '*', and do not permit any of the other forms of so-called
regular expressions that are presently recognized by NSS. We don't know
if they require any minimum number of dots to the
Florian Weimer wrote:
* Nelson Bolyard:
Florian Weimer wrote, On 2007-12-07 02:54:
Is it possible to configure NSS (or, more precisely, Firefox) to
terminate SSL connections on the web proxy, so that the proxy receives
requests in the clear (and handles the certificate verification)?
Nelson Bolyard wrote:
Robert Relyea wrote:
NOTE2: None of the proxy nelson mentioned will work if the user is using
SSL client auth.
I would say two things about that:
1) SSL client auth is generally controlled by the server, not the client.
correct. (of course).
2
Nelson Bolyard wrote:
Maybe this is news only to me. :-)
There is something out there called Domain Signatures (I think), which
is meant to be processed by your Email ISP and converted into something
that supposedly you trust.
The push for this is the need to get 'quiet' signatures
Florian Weimer wrote:
* Robert Relyea:
Oh, how unfortunate. Is it possible to disable all certificate checks?
So the question naturally arises: why do you want this?
I want to get rid of the HTTPS confirmation dialogs for testing
automation purposes, preferably
Wan-Teh Chang wrote:
On Dec 5, 2007 1:04 PM, Bruno Escherl [EMAIL PROTECTED] wrote:
Hello,
I hope this is the right place to ask for it. I need a checkin for the
patches in bug 396044 and 396045. Reed said in those bugs that special
checkin rights are needed.
Hi Bruno,
In the
Question ==
Why is Firefox a ClientHelloV2, although SSL v2 is disabled in Firefox
2?
This is a big question. Firefox2 has turned on a number of SSL3/TLS
extensions which require an SSL3 hello. I suspect that for some reason
you don't really have SSL2 turned off (an old profile?).
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Without offending, but does Johnathan have the right background for this?
I don't know, but if I remember right his specializations are in
different fields...
Johnathan and other Mozilla people, e.g., members of the NSS team, have
I don't think either the KEYGEN tag or the window.crypto objects can
be used to generate keys in tokens
If yes...how can it be done
I just wanted to start a new thread..for the same.
If there is a token installed, Seamonkey/Firefox/Mozilla will prompt the
user where the keys
D3|\||\|!$ wrote:
The issue isn't with certificates; it is with private keys.
I disagree with you...What if somebody deleted the private key from
key3.db and its associated certificate entry in cert8.db??? Then added
his own thing and went around playing with it...???
The keys in the
Eddy Nigg (StartCom Ltd.) wrote:
Shared DB would be one of the greatest things! So I'm not able to judge
if and when it can be done, but looking very much forward to it.
Bob, how can I enable this for FF and TB to share the same DB?
If you want to start playing with it, try the
Eddy Nigg (StartCom Ltd.) wrote:
Does anybody know if and which parameters might be obtained by the
window.crypto functions and smart cards? For reference see this page:
http://developer.mozilla.org/en/docs/JavaScript_crypto#Handling_Smart_Card_Events
Specifically I'd like to know if there
Nelson Bolyard wrote:
Robert Relyea wrote, On 2008-02-19 14:20:
Eddy Nigg (StartCom Ltd.) wrote:
Does anybody know if and which parameters might be obtained by the
window.crypto functions and smart cards? For reference see this page:
http://developer.mozilla.org/en/docs
Christophe Thiaux wrote:
Hello,
I can't connect on an ssl server with Firefox 3: it displays
SEC_ERROR_BAD_SIGNATURE
But if I'm connecting with Firefox 2 and accept the certificate
definitely, then the connexion with Firefox 3 works.
Any idea of the problem ?
Not from this sparse
Christophe Thiaux wrote:
Christophe Thiaux a écrit :
I can't connect on an ssl server with Firefox 3: it displays
SEC_ERROR_BAD_SIGNATURE
But if I'm connecting with Firefox 2 and accept the certificate
definitely, then the connexion with Firefox 3 works
My certificate is a self signed
Stephen Hamilton wrote:
Nelson,
Thanks for the quick response. Cert_NewTempCertificate works well with
the redefinition statement from nssrenam.h. This is for my Master's
project, so I needed an explanation of what was going on, and this helps
tremendously.
Stephen
[EMAIL PROTECTED] wrote:
All of these functions are declared in secutil.h(and defined in
secutil.c).
Most of the NSS headers have macros around the headers so that they can
be included in C++ programs
(SEC_BEGIN_PROTOS)
secutil.h is a header that's not part of NSS proper, but part of a
Subrata Mazumdar wrote:
Thanks Nelson. My comments are inline.
Nelson Bolyard wrote:
Subrata Mazumdar wrote, On 2008-02-28 17:18:
I have two questions about configuration of PKCS#11 module in Firefox 3:
- is there any documentation on how to configure MS CAPI as PKCS#11
module
Subrata Mazumdar wrote:
Hi Robert,
thanks a lot for your response. I will definitely use it and see if I
can uncover/fix the memory leak.
That would be great!
BTW, what is name of the DLL for CAPI PKCS#11 module that I should use
to configure the device manager?
Is it nsscapi.dll?
yes, I
[EMAIL PROTECTED] wrote:
Good Day,
I have developed a custom smart card based Pkcs library, I'm currently
testing it with Thunderbird, so far I can
encrypt, sign and verify e-mails, but when i send myself an encrypted
e-mail, I encounter something weird.
On Initial Viewing of my encrypted
I 'pushed' and announcement out, but it seems to be hung up somewhere in
the mail server...;).
Frank Hecker wrote:
I thought this was worth noting:
http://boblord.livejournal.com/19010.html
To quote from the Project Dogtag wiki page: The Dogtag Certificate
System is an
Subrata Mazumdar wrote:
Hi,
is there any way I can find the certificate associated with a public key
using
the SubjectPublicKeyInfo (CERTSubjectPublicKeyInfo)?
I am looking for public API and not too low level.
I looked in the .../nss/certdb/cert.h and .../nss/pk11wrap/pk11pub.h
files -
Anders Rundgren wrote:
on the URL http://demo.webpki.org/mozkeygen
you can get yourself a certificate by clicking a single button.
What is a bit hard to understand is why the test-service at
https://www.apache-ssl.org/cgi/cert-export
often (but not always!) asks the user multiple times to OK
Kai Engert wrote:
D3|\||\|!$ wrote:
Later on, I decided to test the code onto redhat9
Wow, you're really still using Red Hat Linux version 9?
and now the code
compiles properly but throws up linking error(undefined reference)
with the following functions:
SECU_DefaultSSLDir()
Aren't the people who send their credit card number on an https
connexion where the private key of the server is public knowledge
already screwed ?
Yes, of course. The question for this thread is: who is responsible
for each screwedness?
I beg to differ. The question is:
Frank Hecker wrote:
3. Find some other way to get NSS not to recognize DigiNotar certs for
email, perhaps in combination with some action by Entrust and/or
DigiNotar. For example, one idea is to have end users of DigiNotar certs
reconfigure their email clients to have cert chains that
Bruce Keats wrote:
Hi,
I started using firefox 3 and I am now getting errors connecting to
intra-net sites that were OK in firefox 2. We have our own intra-net
and we have a CA that issues server certs and user certs. I have
loaded the CA certs and the CA certs are visible under
Nelson B Bolyard wrote:
Chris Hills wrote, On 2008-07-03 10:47:
From what I have read in this group, there is already some experimental
code in NSS, but I have no idea as to its functionality or usability.
The files are in
Nelson Bolyard wrote:
Yes, please. You can put this text into the bug report, if you'd like.
I just walked through that code again more carefully. It's definitely a
bug. It's really a flaw in the design of the private function
pk11_ForceSlot. That function can have any of the following
133mmx wrote:
If you instead would tell us exactly what you want to know or perhaps what
your specific problem is, perhaps someone might be able to actually help.
I will try to summarize my problem. I am implementing pkcs#11 library
to access our smart card. Currently I am testing ssl. I
avih wrote:
I'd really appreciate any answer or further pointers. I'm still
interested in this stand alone implementation... I've described my
latest experience earlier on this topic.
Sorry I was away when you first asked your questions
A good place to start in implementing a PKCS #11
Nelson B Bolyard wrote:
Joe Orton wrote, On 2008-07-28 16:09:
On Sat, Jul 26, 2008 at 05:17:56PM -0700, Nelson Bolyard wrote:
Daniel Stenberg wrote, On 2008-07-26 13:45:
As a user of OpenSSL, NSS, yassl and GnuTLS I can certainly agree that
GnuTLS has flaws in its API but NSS
Nelson B Bolyard wrote:
[EMAIL PROTECTED] wrote, On 2008-08-04 23:23:
I found this mime type(Content-type:application/x-x509-user-cert) is
used for firefox 1.5.
It just not have popup windows for notification.
Is there any version of Firefox where it DOES have a dialog?
I believe
Subrata Mazumdar wrote:
Hi Bob,
I can neither generate key-pair nor use the private key to sign either
a PKCS#10 CSR or another Cert.
I remembered that I had that working at one point, but it may have
atrophied... It may actually be an issue in the NSS wrapper rather than
the CAPI
Wan-Teh Chang wrote:
On Thu, Aug 7, 2008 at 4:40 AM, Michael Ströder [EMAIL PROTECTED] wrote:
Ok, I've extracted
ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/nss-3.11.4.tar.gz
and set LD_LIBRARY_PATH to the extracted lib/ dir (see output of
Wan-Teh Chang wrote:
2008/8/7 Robert Relyea [EMAIL PROTECTED]:
signver was finally made to link with the dynamic NSS libraries in NSS
3.12.1 (not yet released), so pretty much any package will have static
linked version of it.
That's 'signtool', not 'signver'.
Oops, my bad
Nelson B Bolyard wrote:
Howard Chu wrote, On 2008-08-11 20:07:
Nelson B Bolyard wrote:
Howard Chu wrote, On 2008-08-10 14:13:
It would make it impossible to use in e.g. OpenLDAP/nss_ldap because
applications would be unable to load their own configuration settings
after
Wan-Teh Chang wrote:
2008/8/15 Sam Laidler [EMAIL PROTECTED]:
Hello, hope all is well.
I was wondering if I might ask about hashing efficiency. I am reiteratively
hashing values. Basic algorithm is:
digestCntxt = PK11_CreateDigestContext(algorithm);
while (counter
Nelson B Bolyard wrote:
Thorsten Becker wrote:
Nelson Bolyard wrote:
On the other hand, it is possible that the domain validation was performed
but that it was deceived through the use of DNS attacks. In his slides
on the subject of DNS attacks, Dan Kaminsky did say that it was
Nelson B Bolyard wrote:
Suresh Kumar J wrote, On 2008-09-02 10:55:
Hi Nelson,
You are correct that Apache Tomcat web-server(v6.0.13) choked with the
full set of cipher suites implemented in the Windows FF3.0.1. When I
disable the following cipher suites via the about:config option, the
web
Graham Leggett wrote:
Hi all,
I am trying to port some symmetrical encryption / decryption code
using OpenSSL's EVP_CipherUpdate function to NSS, and I am running
into trouble trying to find the API documentation for NSS.
So far, the closest to documentation that I have found is a list of
Anders Rundgren wrote:
Eddy Nigg wrote:
The keygen tag is used widely and Mozilla supports smart cards with the
associated PIN excellent.
I'm sure about that! However...
What I was referring to is the inability for an issuer specifying that
generated keys should be PIN-protected
Graham Leggett wrote:
Robert Relyea wrote:
Newer applications should use more standard algorithms such as PKCS#5
v2.0 for key derivation.
I am assuming NSS supports PKCS#5 v2, what functions should I be
looking at to achieve this?
Ah, It's a PBE algorithm. That is a perfectly acceptable
Subrata Mazumdar wrote:
nsCOMPtr<nsIPK11Token> softToken;
rv = pkcs11Slot->GetToken(getter_AddRefs(softToken));
softToken->Login(PR_FALSE); // prompts for initializing password
. . .
softToken->Reset(); // expected that token/slot password would be in the uninitialized state
Graham Leggett wrote:
Completeness I guess - xml-security's API allowed you to choose both
CBC and ECB modes, so I was trying to emulate the same thing.
The only mechanism that I cannot find an oid for is CKM_DES3_ECB - do
you know which SEC_OID_* macro I should be using?
The
Nelson B Bolyard wrote:
Graham Leggett wrote, On 2008-09-06 12:51:
I think a big source of confusion is that everything is an OID, or
everything is a mechanism, but not all OID or mechanisms are relevant
for every situation, and this isn't clear from each function call.
I think this
Wan-Teh Chang wrote:
On Thu, Sep 11, 2008 at 9:29 AM, Paul Hoffman [EMAIL PROTECTED] wrote:
Greetings again. Are people aware of any IPsec implementations using
NSS's crypto, even as a non-default build option?
No, I don't know of any IPsec implementations using
NSS's crypto. Since
Francisco Puentes wrote:
Being a beginner with NSS, I need help :-(
I am trying to generate a RSA pair of keys with this code:
NSS_Init("./rsa.db");
NSS_Init requires a pointer to a directory (which should already exist).
You should check the error code coming back for NSS_Init. It's
Graham Leggett wrote:
Hi all,
I am having a dilemma that I am trying to find a solution for.
In the httpd webserver, if the mod_nss module is loaded, the mod_nss
module will try and initialise NSS. If mod_authnz_ldap is loaded into
the same server, and mod_authnz_ldap depends on the Mozilla
Robert Relyea wrote:
[ output deleted].
Which means that libnssckbi.so is used for obtaining trust anchors and I
don't know why. In configuration I've set that I want only access to
keystore. Any ideas?
Yes, the trust anchors are stored in libnssckbi.so. NSS nssckbi is the
NSS cryptoki Builtin
Subrata Mazumdar wrote:
Nelson,
thanks very much for the clear answer - I did not realize that the
Mozilla NSS does not support PKCS#8.
I also agree with you that PKCS#12 format is the right way to
import/export keys.
The problem is that a large number of OpenSSL based applications still
use
Kyle Hamilton wrote:
On Tue, Oct 7, 2008 at 5:22 PM, Subrata Mazumdar
[EMAIL PROTECTED] wrote:
I guess that the problem is in documentation and the PSM GUI. The PSM
GUI should have clearly stated
the password policy requirement in the password change dialog window.
Also, NSS should have
Nelson B Bolyard wrote:
[EMAIL PROTECTED] wrote, On 2008-10-13 13:52:
I have a crypto library which I connect to a Firefox extension using
Xpcom. The library generates custom size public and private key pairs
which I would like to store securely in Firefox. How would this be
done?
Nelson B Bolyard wrote:
b) some unmistakeable blatantly obvious way to show the user that this
site is not using security that's good enough for banking but, well,
is pretty good security theater. Flashing pink chrome?
Empty wallet icon? The whistling sounds associated with falling things?
Julien R Pierre - Sun Microsystems wrote:
How do we revoke Mozilla's root?
By updating mozilla software :)
Certainly not by issuing a CRL. Mozilla doesn't have the keys needed to
issue a CRL to revoke any root. (CRL's must be signed by the issuer, or
by an agent with the appropriate key
Paul Hoffman wrote:
At 3:25 PM +0200 10/24/08, Ian G wrote:
Robert Relyea wrote:
The problem with this idea is that mozilla probably does not want to be
in the CA business. The overhead of creating a mozilla root key in a
safe and secure manner is quite involved (and more than doing
[EMAIL PROTECTED] wrote:
On Oct 28, 5:10 pm, Nelson B Bolyard [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote, On 2008-10-28 13:29:
From what I have read, the internal pkcs 11 data store is protected by 1
master password. Is there a way to store my keys in the firefox pkcs 11
data
Antonio wrote:
Hi all,
Is it possible to create a brand new certificate database at runtime
for read/write purposes, without it being the default database?
Thanks,
Antonio
Yes,
The thread multiple pkcs 12 files vs. firefox software pkcs 11
module... has a link to two functions that allow
, The CERTCertDBHandle is basically an historical dreg in our code.
NSS always has a consolidated view of all the databases. The only time
they are distinguished is if you specify a particular token
(PK11SlotInfo *). What is it you are trying to actually do?
bob
On Oct 29, 8:46 pm, Robert Relyea [EMAIL
Ken wrote:
2008/11/5 Robert Relyea [EMAIL PROTECTED]:
NZzi wrote:
hi all:
when I use nss to develop some cipher program (just
for local, not internet), i.e. just perform
miscellaneous cryptographic operations, the only
reference I can use is the example code from MDC.
when I want
Bernie Sumption wrote:
If we create an error display that says No kidding, this absolutely
is an attack and we're stopping you cold to protect you from it.
it seems unavoidable that users will learn to treat the absence
of such an unbypassable error display as proof to the contrary,
proof that
Akkshayaa Venkatram wrote:
Hi
I am developing a Firefox extension that calls PKCS 11 functions like
C_Encrypt, C_Sign, C_Decrypt and others..
We don't expose the direct C_ calls in NSS. NSS typically has the token
open during the entire time, so applications making calls and changing
states
NZzi wrote:
hi all:
I want to use private key to encrypt a message,
and decrypt with public key.
Are you encrypting data or a symmetric Key?
Most of the nss code that does these operations does so on actual
symmetric keys (which are then used to do additional
encryption/decryption/macing).
NZzi wrote:
Robert Relyea wrote:
NZzi wrote:
hi all:
I want to use private key to encrypt a message,
and decrypt with public key.
Are you encrypting data or a symmetric Key?
Most of the nss code that does these operations does so on actual
symmetric keys (which are then used to do
Ken wrote:
2008/11/15 Robert Relyea [EMAIL PROTECTED]:
NZzi wrote:
Robert Relyea wrote:
NZzi wrote:
hi all:
I want to use private key to encrypt a message,
and decrypt with public key.
Are you encrypting data or a symmetric Key?
Most of the nss code
Hans Petter Jansson wrote:
This works for some databases, but not others. It doesn't seem to matter
which application created the database (I've tried with databases from
Firefox and Evolution) - e.g. one user's database may fail while another
user's database may migrate properly. When it
Anders Rundgren wrote:
IM[NS]HO, S/MIME encryption using PKI is one of the biggest security
farces ever. Even the use-case is often wrong.
Please start your debate in another thread. S/MIME and PKI are a
supported part on the NSS feature set, and supported in pretty much
every email
Wolfgang Rosenauer wrote:
Nelson B Bolyard schrieb:
Wolfgang Rosenauer wrote, On 2008-11-18 05:38:
Hi,
I'm trying to use Firefox with an sqlite based NSS. So far all the
certificate stuff still works as expected as far as I can see but the
password manager component is broken now:
Anders Rundgren wrote:
Robert,
Pardon me. I did indeed not intend to slam Paul's guide.
I changed the thread but I don't expect a fruitful debate since the difficulties
are mostly unrelated to NSS. I feel sorry for those who feel that S/MIME
encryption needs to become mainstream because
Wolfgang Rosenauer wrote:
Robert Relyea schrieb:
This was a new profile actually. And yes, the database which reveals
this issue isn't complete it seems. I removed it and created a new empty
one using certutil -d sql:. -N and now Firefox works correctly.
What I've used to create the shared
Nelson Bolyard wrote:
Robert Relyea wrote:
Typically
needsUserInit means there isn't a password record in your key database.
Without this you can not store any keys. The difference between 'not
initialized', 'doesn't have a master password', and 'has a master
password' is as follows:
1
Wan-Teh Chang wrote:
The SECMOD_LoadUserModule and SECMOD_UnloadUserModule functions
were added in https://bugzilla.mozilla.org/show_bug.cgi?id=132461, but no
NSS utilities or test programs use these functions, so the only sample code
for these functions that I can find is PSM.
PSM uses these
Wolfgang Rosenauer wrote:
Hi,
Hans Petter Jansson schrieb:
This database only fails to migrate if the target database was not
already created by another, successful merge, though.
I think you're saying that the failures only occur if the target (cert9)
DB doesn't already exist
I'll repeat my answer to your question in the opensc list. We should
probably keep followups in this list since there is more NSS/mozilla
expertise here (which is really where your question is coming from)...
Akkshayaa Venkatram wrote:
Hello,
From the mozilla tree,
I have a couple of thoughts about some of the worries about shutting
down after a fork().
First, the PKCS #11 spec is silent on this issue particularly, but it is
clear about one thing, you do need to be able to handle C_Initialize
after the fork. The quickest way to get there is to allow
Martin Paljak wrote:
Thanks!
I was only trying to figure out if there is any difference in 2.11 vs
2.20 handling.
2.20 allows slots to be added during the lifetime of a cryptoki
application.
Can you also explain how NSS handles the feature or any gotchas in
implementing support for
[EMAIL PROTECTED] wrote:
Initially I posted this on another support forum, but was kindly
requested to post here instead:
For a screendump please refer to: http://www.vandersman.org/certstore.PNG
Interesting. The sequence ?? in the cert isn't valid Thai. ? is a vowel
(roughly 'a' as in
Martin Paljak wrote:
Thanks for tips! Could you point me to the line in spec where it says
that slots can only be added. I can't find the place where it forbids
removing.
That's what I get for not checking the spec after the meeting in which
we discussed this. The original agreement was that