Re: NSS Custom Crypto Module
Is there any documentation about how to use ckfw or someone has to read and understand it from source examples erc.? -- View this message in context: http://mozilla.6506.n7.nabble.com/NSS-Custom-Crypto-Module-tp319226p319424.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: NSS Custom Crypto Module
On 07/10/2014 01:53 PM, ramahmoo wrote: Thanks,i would ready the documentation. Can i extend/modify the NSS internal pkcs#11 source (softokn3.dll source) to achieve my requirement? It's probably not a good idea to try to create your own softokn3.dll to replace the mozilla one, you will be forever chacing the upstream version (Any new ciphers supported in firefox will wind up in softoken3.dll). You could use the softoken source to build our own PKCS #11 module, though I would recommend using ckfw instead. There are tools to help install your own PKCS #11 modules, and you don't have to update them everytime NSS updates. look at: In NSS itself, there's modutil: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_modutil https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_tools_:_modutil http://lxr.mozilla.org/nss/source/cmd/modutil/ From the coolkey project, there's pk11install: http://svn.fedorahosted.org/svn/coolkey/trunk/src/install/ This tools has code that searches for all your mozilla profiles and installs your module in them. Once installed, new version of Firefox will automatically inherit your PKCS #11 module. Or it is meant only internal usage. If it can be used as starting point then which methods should i override? I'd suggest starting with capi or builtins as a better example of what you need to build a pkcs #11 module. bob -- View this message in context: http://mozilla.6506.n7.nabble.com/NSS-Custom-Crypto-Module-tp319226p319284.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. smime.p7s Description: S/MIME Cryptographic Signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: NSS Custom Crypto Module
On Thursday, July 10, 2014 4:28:30 AM UTC-4, ramahmoo wrote: platform fashion. Using Firefox only is not a problem. Can i extend the existing internal softtoken implementation to achieve the above? If yes which methods has to be overriden. If no, from where should i start? What about pin management in this case?I am newbie to PKCS#11 :) Thanks for your I'm relatively new with PKCS#11 as well. From my perspective, I'd recommend starting with SoftHSM instead of NSS. http://www.opendnssec.org/softhsm/ In all honesty, the code in both NSS and SoftHSM seem very similar in structure - the major difference being that NSS is more full featured in that it not only provides a PKCS#11 interface for other applications to use, it can also be configured to use one or more PKCS#11 interfaces from other providers. As I am working on something similar myself, I find it easier to modify SoftHSM since it's code doesn't include a large amount of extra functionality that is not of interest to me. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: NSS Custom Crypto Module
Thanks,i would ready the documentation. Can i extend/modify the NSS internal pkcs#11 source (softokn3.dll source) to achieve my requirement? Or it is meant only internal usage. If it can be used as starting point then which methods should i override? -- View this message in context: http://mozilla.6506.n7.nabble.com/NSS-Custom-Crypto-Module-tp319226p319284.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto