Wan-Teh Chang wrote:
> Steven T. Hatton wrote:
>
>> If I understand correctly, one main purpose of NSS is to provide a
>> standard 'wrapper' around different implementations of security tokens
>> and security services, so the programmer using the services can write
>> to one abstract interface which will provide all the services from the
>> underlying token implementation. JSS is, in turn, a wrapper around NSS
>> which provides the Java programmer with the same functionality NSS
>> provides to the C programmer.
>>
>> I am aware of things such as JSSE and OpenSSL which provide much of
>> the functionality I am looking for. The problem I ran into was that
>> of incompatible certificate/key-store formats. In particular, I
>> wanted to have one cert issued per box which would provide for SSL/PKI
>> related services for all servers running on the box. In order to use
>> JSSE I was required to export the keys and certificates and store
>> them in a different format. This, to me, is a non-starter. Anything
>> which required the same data to be stored in different locations,
>> and/or different formats - with the exception of caching and backup
>> purposes - is inherently evil.
>>
>> What I want is the ability to do the following:
>>
>> ftp -a ftp.mozilla.org/<where the latest JSS is>
>> tar xvfz latest-jss.tar.gz
>> pkgadd -d latest-jss //or rpm -i latest-jss
>>
>> /* hack a bunch of java code that uses JSS
>> create and install one set of key3.db, cert7.db and secmod.db files
>> for all my applications on a given box.
>> */
>>
>> run my code.
>>
>> The ease of installation is extremely important. Am I off target in
>> what I am wanting?
>
> I don't quite understand what you want. Do you want
> your JSSE-based and OpenSSL-based applications to be
> able to use your centrally installed key3.db, cert7.db,
> and secmod.db files too?
>
> How can NSS or a standard wrapper of security services
> that you envisioned enable you to do that?
>
> If you've converted your apps to use NSS, why are the
> incompatible certificate/key-store formats used by JSSE
> and OpenSSL an issue?
>
> Wan-Teh

Wan-Teh,

Sorry for not being more clear. I was mentioning the others as possible alternatives to NSS. OpenSSL has the problem of not being Java ready, so I'd have to write my own JNI (which I have never done.) I found JSSE hard to work with in conjunction with Netscape's key database files which I already had with the SuiteSpot/iPlanet servers. I looked at NSS and it looked like the kind of thing I really wanted, but it wasn't ready for Java(2).

I haven't messed with this stuff for over a year. Just recently I heard somebody say he wanted to transfer files in a secure way using a Java application which did not require human intervention except to start it. That was exactly the reason I first wanted JSS a year ago. Then I started to realize all the other things I could do with it. Unfortunately the latest version back then didn't support Java 2. (or something like that)

I believe JSS would provide everything I need, but I can't get it to work. :-(

Steven
