On Mon, Aug 26, 2013 at 7:11 PM, raj <raje...@gmail.com> wrote: > Hello helpcrypto, > > Thank you so much for your response. If we use the SunPKCS11, is NSS > library > the one doing encryption/decryption stuff?? >
No idea. Just use NSS to access installed certificates to sign using PKCS#11 interface. But u can connect to NSS using fips, so I think u could. > If so, Can you please help me in setting up the configuration (from > below)in > Windows machine and Linux server. I want to achieve the Cryptographic > functionality in FIPS mode. > > name = NSSfips > nssLibraryDirectory = /opt/tests/nss/lib > nssSecmodDirectory = /opt/tests/nss/fipsdb > nssModule = fips > In my experience, nssLibraryDirectoryand nssSecmodDirectory(to retrieve certs) hasnt worked very well and I attack softkn3.dll/so directly. If you have example, please provide it to me. > Sorry I dont. So this is what I do: Connect to PKCS#11 modules (NSS softkn3 is also one), retrieve certificates on each one and use any of them to sign or encrypt (or verify or decrypt) some data, as stated in PKCS11 standard, but not FIPS. > Thank you, > Raj > You welcome, regards. > > > > -- > View this message in context: > http://mozilla.6506.n7.nabble.com/NSS-JSS-in-FIPS-mode-for-Encryption-and-Decryption-in-java-tp288733p289343.html > Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
