Re: Accessing Firefox keystore
Hi again, sorry for delay. Yes, you can (SHOULD) use SunPKCS#11 to access directly the libraries/modules. You can do it two ways: - attack libraries directly - parse (legacy) secmod.db on Firefox profile to list modules/libraries. Have a look on http://stackoverflow.com/questions/2873581/is-it-possible-to-access-a-bdb-from-pure-java sethi.org/tmp/ssh/src/com/mindbright/bdb/DBHash.java It's quite complex, so if you get lost, I could try to send you some code. Regards. On Mon, Dec 8, 2014 at 7:48 PM, opa...@gmail.com wrote: I have the same question / problem. I want to access the mozilla keystore (firefox and thundebird) via Java (No Java Applet) or C#? I found the JSS/NSS Provider, but no information on how to use it and on which way i can access the keystores. So how is it possible? Little example Code would be helpful. And is it possible with C#? Or there are other ways to access them? maybe read in the whole cert8.db file, but it looks like that the file is encrypted. so the question is, how could i decrpyt the file? Hope someone could help :) -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Fwd: Guidance for NSS, NSPR cross compilation
On Wed, 2014-12-10 at 12:25 +0900, Kosuke Kaizuka wrote: Why you choose such an old and out-of-dated version of NSS? 3.17.3 (current latest stable) or 3.16.6 (used in current Fx/Tb 31.x ESR branches) should be used. Clarification: FF/TB 31.x currently use 3.16.2.3 3.16.6 is older, 3.16.2.3 is newer. (See also my message from 2014-10-27 on this list.) Should any future NSS bugfixes be backported for FF/TB 31.x ESR, they will probably be added on the NSS_3_16_2_BRANCH and we might produce additional 3.16.2.x releases. If anyone still uses 3.16.6, they should upgrade to NSS 3.17.3 Regards Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: libnsssysinit
On Tue, 2014-12-09 at 14:18 +, Martinsson Patrik wrote: It's cute that GNOME keyring can provide PKCS#11 functionality and you can store certificates and keys in there. But you aren't *using* that functionality. So just unregister the module entirely by deleting its file from /usr/share/p11-kit/modules/. Then you don't have to worry about its behaviour, or the apps which don't support the protected authentication path. Life's too short :) Haha, ok. I get that part. What I don't get is, why is it there, and when is, and who is suppose to use it Shouldn't it be removed ? FWIW this isn't even working correctly in Firefox. It *sometimes* handles CKF_PROTECTED_AUTHENTICATION_PATH correctly, but other times it just starts a new session, doesn't bother to log in, gets CKR_USER_NOT_LOGGED_IN from C_SignInit() and fails. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1110233 -- dwmw2 smime.p7s Description: S/MIME cryptographic signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto