i dont know if this is related what you are trying, but i use an
smartcard with attached certificate to encrypt data.
For all the operations, im invoking OpenSSL functions.
2011/7/22 florent ainardi fainard...@gmail.com:
hi
i try to make a simple program to encrypt data with aes
but the
As i tell you a few minutes ago, i have working code for openssl
AES_CBC operations using a certificate.
All the info its available at openssl.org (im not very happy with the
doc, but its enough)
Im migrating some apps at the moment, so ill review that code in next
months, ask anything if needed.
Im using nss as the interface between my token (smartcard) and firefox.
So firefox or thunderbird can encrypt, sign or hash using my smartcard
certificate.
If your app needs to encrypt, read how openssl crypt functions works
and include them on your code.
you dont need NSS until you are working
I hope it is related.
A few months/years ago (no one really cared until i noticed it a few
weeks ago [WTF!]), some of our software installations start to fail
and corrupt the cert8.db or key9.db on Firefox or Thunderbird.
This is more or less the scenario:
Firefox/Thunderbird profile working. I
Hi Walter.
In our company we have a similar scenario: certificates on
smartcard+pkcs#11 (not opensc based)+jss4+applet+firefox.
Im the developer and mantainer of the smartcard+pkcs11+installers, and
a partner is it for jss4+applet.
AFAIK, we are using jss4 'cause we had some problems with jss3. I
Checking https://developer.mozilla.org/jss_build_4.3.html i
succesfully compiled some time ago NSS+JSS+modutil/certutil for OSX
10.6.7
I reported in on wiki
https://developer.mozilla.org/HOWTO_successfully_compile_JSS_and_NSS_for_32_and_64_bits_on_OSX_10.6_%2810.6.7%29
how i did it.
This week i
IMHO you should distribute your jss+their dependencies, cause firefox
libs are more recent and could have incompatibilities. (We had a bunch
of this kind of errors).
So, copy all files to c:\test, add c:\test to the path and
remove/rename any other jss3.dll file on your system to ensure nothing
I would like to add a couple of things:
As stated in here:
http://www.mozilla.org/projects/security/pki/jss/using_jss.html, you
need specific version of nss/nspr depending on your jss library.
Apart from that, i have noticed that JSS 4.2.5 depends on libnspr,
libplc4 and libplds4 among others
and, has anyone achieved to compile it using mingw?
im always having many issues with that...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Hi folks.
We are trying to do a cert request using our pkcs#11 module our
smartcard, using an html keygen object.
When doing the request (with the card inserted), a dialog is shown to
choose between built-in security token and our own.
Can this dialog be avoided?
Can our token be set from
wow!...sounds great!...
¬¬
No, not in the current interface.
No, currently here the key pair lands is under the user's control.
I think there may be an interface to query the PKCS #11 modules present, but
I don't know if it's available to web pages, or just 'chrome' elements
(plugins).
--
Hello guys!
Sorry if already asked on the list, but i cant find a similar
issue.(Maybe i have to improve my find skills)
We are developing a PKCS#11 library for our smartcard, actually
working great on win, Linux and osx. (No, its not based on OpenSC,
although IMHO it should)
Yesterday we
Hi again rob/all, thx for your answer.
This appears to be your problem. I have know idea what library you are
using for your primitives (presumably openssl)
Yeah, Openssl
, but it clearly is not
decrypting the key with RSA_PKCS1_PADDING. The expected result should be
something like 24-16
!
Should i file a bug for this?
Thanks again for your patience and help.
El día 23 de enero de 2012 12:50, Martin Paljak
mar...@martinpaljak.net escribió:
On Mon, Jan 23, 2012 at 10:18, helpcrypto helpcrypto
helpcry...@gmail.com wrote:
Ill ask again: We do only CKM_RSA_PKCS. Does Mozilla
Yes, 24 bytes is the length of the key. That key length is different for
different key length. You are supposed to get that length from the encoded
in pkcs #1 format. The underlying decode function should tell you how many
bytes it is returning (assuming it's decoding pkcs #1 data). That is
Robert Relyea rrel...@redhat.com wrote:
Sorry my bad, I wasn't clear. The double decrypt happens in the case where
you first call C_Decrypt with pData = NULL. In that case you can return 128
instead of decrypting the data just to get the length. In the case where
C_Decrypt is called with
Is eny error shown at NSSUtilLogger.msg(ERROR, Failed to read
attribute %x from private key., type); ?
El día 25 de enero de 2012 17:04, weizhong qiang
weizhongqi...@gmail.com escribió:
hi all,
I tried to get the attributes from a private key (see the following code
piece). But only the
my mistake. i mean the RV value
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
of the private key, but the outputting of private key is not allowed
in nss?
Thanks and Best Regards,
Weizhong Qiang
On Jan 26, 2012, at 9:43 AM, helpcrypto helpcrypto wrote:
Is eny error shown at NSSUtilLogger.msg(ERROR, Failed to read
attribute %x from private key., type); ?
El día 25 de enero de
In the first call you need to return a value at least big enough to hold the
decrypted data. 128 bytes (size of encrypted data) is big enough for RSA.
This isn't ideal, however. You keep saying the data is 24 bytes, but that's
not a given, it's only true in the case you were talking. If you
Old binaries for jss can be found here:
http://ftp.mozilla.org/pub/mozilla.org/mozilla.org/security/jss/releases/.
for newer versions, you should compile them.
read: http://www.mozilla.org/projects/security/pki/jss/
El día 5 de marzo de 2012 03:09, SUMANTH_k sumadhurac...@gmail.com escribió:
I
:
process_begin:CreateProcess(NULL,...) failed...
http://old.nabble.com/file/p33445482/Untitled.png
Help is needed...pls
helpcrypto helpcrypto wrote:
Old binaries for jss can be found here:
http://ftp.mozilla.org/pub/mozilla.org/mozilla.org/security/jss/releases/.
for newer versions, you should compile them
://www.mozilla.org/projects/security/pki/jss/using_jss.html
El día 6 de marzo de 2012 03:36, SUMANTH_k sumadhurac...@gmail.com escribió:
Yes i have installed mozilla-build tools...Do u know how can i use it using
mingw?
helpcrypto helpcrypto wrote:
have you installed mozbuild tools?
i use mingw, so
first try copying files on a short not-whitespaced directory. eg:
c:\nss, insteand of c:\program files
also, make sure you have required binaries (like sh, ld...) on path
El día 6 de marzo de 2012 06:32, SUMANTH_k sumadhurac...@gmail.com escribió:
Dear Sir,
i m having problem while
I dont know if building nss for windows does need an especial
environment like mingw/cygwin. I dont expect things like $'\r work on
cmd.
Anyhow, the first error means the binary cl.exe cant be found. Try
looking for it on your hard drive and add the correct directory to the
path (if not already).
Hello all.
During a refactor of our crypto applet, we have found an issue on OSX
10.6 (more OS pending to try), and ill like to know if we're doing the
correct things.
Before this refactor, we were parsing secmod.db to get all pkcs11
modules configured on NSS (We did it, altough we got some which
Hi all.
Due some problems using Thunderbird ESR, we have found the following,
and would like to ask the experts...
We have noticed Thunderbird 10.3 (probably older versions too)
rewrites cert8.db each time it closes. The file its the same, but
the modified date has changed.
- Is this normal?
-
Cough, cough...exit(CKR_OK) != return CKR_OK...cough, cough
Now cert8 is modified always (with or without our module).
Anyway, can someone tell me why cert8 is rewrited on each run/close?
On Tue, Mar 27, 2012 at 9:18 AM, helpcrypto helpcrypto
helpcry...@gmail.com wrote:
Hi all.
Due some
Hi brian ( CO)
Today, a buggy old/legacy modutil.exe binary we are using, made me try
building NSS using mingw. Once again.
...
make[4]: /mingw/bin/windres: Command not found
Ok...i must copy windres from another mingw and this seems solved.
...
make[2]: Entering directory
Using --verbose:
$ gcc --verbose -mno-cygwin -o now.o -c -O -UDEBUG -DNDEBUG=1
-DXP_PC=1 -DWIN32=1 -DWINNT=1 -D_X86_=1 -DFORCE_PR_LOG ../../config
/now.c
Using built-in specs.
COLLECT_GCC=C:\mozilla-build\msys\mingw\bin\gcc.exe
Target: mingw32
Configured with: ../../src/gcc-4.5.2/configure
Using process monitor, as explained here
http://stackoverflow.com/questions/3908475/gcc-exe-createprocess-no-such-file-or-directory-error,
i finally solved this issue, but an old friend appears again: warnings
about discarding thread
Hello, this is a question for the NSPR/NSS guys.
A few days ago, while having a problem parsing secmod.db contents we found:
http://stackoverflow.com/questions/2873581/is-it-possible-to-access-a-bdb-from-pure-java
and also:
http://sethi.org/tmp/ssh/src/com/mindbright/bdb/DBHash.java
Hi all [Opening my pandora...].
A few months ago we started having problems with NSS (and OSX):
-Cannot load NSS libs from applet on Firefox 4 on MacOSX
http://forums.mozillazine.org/viewtopic.php?f=38t=2165273
-Firefox 4 bad initialize on Mac OSX 10.6.7 This cause wrong
java.library.path,
Thanks for the info. Countdown to sqlite...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
IIRC, NSS doesnt have an official mantainer on Mozilla bugs, isnt it?
If this happens, its probably the source of many problems here. I have
filed a few bugs and most of then arent even checked.
To be fair honest, im also guilty of that, but i dont feel confident
enough to edit Mozilla source.
So, IIUC, both of you consider using system/os/platform keystore
(directly [or hooked]) the best option?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
The only way I recommend building NSS on Windows is with Microsoft Visual C++
and the mozilla-build package located at
https://developer.mozilla.org/en/Windows_Build_Prerequisites#MozillaBuild_.2F_Pymake
:(
See https://bugzilla.mozilla.org/show_bug.cgi?id=570340 where there is a
Google Chrome is exposing NSS to Java/JSS on Mac OS X? I did not think that
Chrome uses the NSS certificate database at all on Mac OS X.
Google chrome use each OS specific keystore. On OSX its keychain, so
theres no need of JSS. In Linux, and using shared nss db, it uses jss
and works well.
IMHO it depends quite a bit on what your target audience is.
Document signing on a web browser, its *always* done using a java applets.
Tax payment, traffic bills, more taxes...in hour case, official
documents signed by the ministry autorized people.
--
dev-tech-crypto mailing list
http://www.w3.org/2011/11/webcryptography-charter.html
BSmith ans RRelyea directed me there also. All fishes go to sea... ;)
http://webpki.org/papers/wasp/wasp-tutorial.pdf
http://webpki.org/papers/keygen2/sks-keygen2-exec-level-presentation.pdf
I think i already read both documents some
On Mon, Apr 9, 2012 at 6:16 PM, Anders Rundgren
anders.rundg...@telia.com wrote:
On 2012-04-09 12:13, helpcrypto helpcrypto wrote:
http://www.w3.org/2011/11/webcryptography-charter.html
BSmith ans RRelyea directed me there also. All fishes go to sea... ;)
The really big fishes (Google, Apple
I would not build a scheme based on NSS because NSS is not a prerequisite
unless you force people to use Firefox.
We arent forcing. We already support Microsoft, OSX and Google
browsers, and (trying) Firefox too.
Hooking Mozilla/NSS into native APIs like CryptoAPI is a much more important
So, do you (we) ALL agree NSS should be modified to hook with system
keystores like Windows or OSX? (Linux has no default system keystore,
so there will be no changes by now)
Maybe wtc has something to say against this...
Are mozilla (we) going to see (wait) whats is said on:
It was for example suggested that PKCS #11 should be exposed as a
JavaScript object. I think that is downright ridiculous idea,
almost as bad as: http://www.sconnect.com/FAQ/index.html
Let me expose two user-cases where i think that will be helpfull (and
maybe the only option).
-Web page
Although E2ES (End-to-End-Security with respect to the *container*) is
actually my line of work (http://webpki.org/papers/keygen2/sks-api-arch.pdf),
I don't understand why you would use it during signing or authentication.
Yes, TLS-client-cert-authentication is also E2ES but it works one level
On Wed, Apr 18, 2012 at 10:03 AM, Anders Rundgren
anders.rundg...@telia.com wrote:
Dear helpcrypto, now it became a little bit messy because I'm talking about
principles while you are talking about specific interfaces like NSS, and PKCS
#11.
Ok. Rather than discussing technical or theorical
My scenario is a billion+ community who haven't a clue what a CSP
is and never will. They may not even know what a certificate is!
A CSP-solution doesn't give the issuer any information about where and
how a key was generated. The same goes for NSS, JCE, and PKCS #11.
Developer *can* know
(to me, that question makes no sense. users can't talk to smart cards.
Only smart card readers and programs can. So what smart card reader and
what program is doing this? A dumb smart card reader and a browser,
following Javascript instructions from a website? That'd be game over...)
Why
I can see where this difficulty is, I've worked on smart cards and it is ...
perverse. I'll see if I can explain it. As an aside I have no idea what
the NSS people think, I'm not speaking for them, and they don't typically
like what I say :) Apologies out of the way, onwards!
This sounds
My solution to this is to treat all PKI-using applications as complete
applications running in trusted code. W3C tries to do something different,
we'll see how that pans out...
Ok Anders, but you are -again- talking much about your protocol, not
answering my question (or at least, i didnt get
Dear HelpCrypto, I'm not pushing my protocol. I just don't think
that web-pages should be able to directly address *any* device
but the screen.
If that were true, many things (like JSS) should dissapear from MDN.
Dont missunderstand. Im not complainning you or your protocol.
If you take
After reading your three mails, i have only one thing to say: Clear as water.
Thank a lot for your patience and effort on explaining this for
short-minded like me.
Thanks a lot, REALLY, for your long, detailed and clear answer.
Of course, thanks a lot to Anders (which also suffered me) and
Helpcrypto, a possible *long-term* solution to this is that the requester
indicates such preferences. So if the requester says external card
(for example) the dialog would not need the user to select. If there
is no card present, it would ask the user to insert a suitable card.
This is at
for signWithUserConfirmation
as I know, that requirement was raised because of regulations of some
countries.
it is UI specific function and need some fixed UI (already
mentioned spanish DNIe)
I think we need some control for that with CSS style
the very important concept is the content
Supporting smart cards in the spec and first implementations is not a goal,
however, I think a lot of the base work we are doing will help in a future
iteration. For instance, I hope that this Gecko 'internal API' will help
extension and browser developers to experiment with smartcards,
If you want the signature + document to be legally sustainable and/or
user-interpretable, then plaintext signatures with embedded public keys are
the way to go. You can base64-encode the public keys :) Some further
development of this theme is at
+2!
On Sat, Apr 28, 2012 at 8:13 PM, Robert Townley fossco...@gmail.com wrote:
On Friday, February 17, 2012 11:07:47 AM UTC-6, Anders Rundgren wrote:
After looking into several similar solutions including Gnome Keyring
I wonder if it is not time for NSS transcending into a service rather
than
And what about applets without JSS, using Secmod [1] or the sunpkcs11
[2] provider?
[1] http://www.docjar.com/docs/api/sun/security/pkcs11/Secmod.html
[2] http://www.docjar.com/docs/api/sun/security/pkcs11/SunPKCS11.html
Any comments?
--
dev-tech-crypto mailing list
Probably i missed a know bug but:
ldd /usr/lib/firefox/libsoftokn3.so shows
libmozsqlite3.so = not found
Can you confirm this? It is a bug, isnt it?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
IMVVHO, Firefox/Mozilla should work like Chrome: using the
keystore of each OS. ie: MSKeystore on Windows, Keychain on OSX and (a
shared) NSS on Linux.
Similar for Android or other systems.
Probably (surely) this was discussed somewhere and some time ago, but
maybe the time to change has come
Let me ask to make it clear:
You are asking for: (paths are just for example purposes)
a) To set up a $HOME/nss to store user certs + trusted by the user
(actually more/less what already have). Doesnt Chrome use something
like that already?
b) To set up a /usr/nss to store system-wide certs and
On Thu, Jan 24, 2013 at 3:44 PM, marathi...@gmail.com wrote:
Hello,
I need to add/remove certificates in my NSS db from certdata.txt (obtained
from
http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt)
I was partially able to parse using the go script (it
https://www.google.com/search?q=c%2B%2B+create+self+signed+certificate
On Sat, Feb 2, 2013 at 8:30 PM, James Burton
james.burt...@btconnect.com wrote:
Hello
I want to create a selfsign certificate in c++ but i don't know were to start
and
i would like some help if you could make a example
Hi David.
First: Thank you (all) for your hard work on this.
Second: Sorry for any mistake, typo or pocahontas speak.
IMHO we NEED this, and Mozilla NEED it also.
In our case, we are currently using a Java applet to make digital
signature of documents in many formats (XMLDsig, XAdES, PAdES...)
I do understand the frustration you must feel in trying to get browsers
to work closely with your national ID/Cert system. There are many such
systems, and trying to create an API that works with your specific
requirements, hardware and regulations is very difficult. The WG notes
this by
The problem with this approach is that you expose keys to arbitrary javascript
code which is rather different to for example TLS-client-certificate
authentication which only exposes a high-level mechanism as well as a
[reasonably] secure credential filtering scheme and user GUI.
clear as
I think we all mean key handles instead of plaintext key material
but the problem is the same - keys get exposed naked and can be
(ab)used for whatever.
I mean, apart from malicious sign operations, i dont see any risk on
javascript seeing a key handle. Is there any?
If the only risk are
ie: javascript invoke getKeyFromPKCS11(modulename) and #1 is
returned, but can be used.
How do you envision that this access should be controlled?
Here imagine that you have dozens of keys, not just a single key in a smart
card.
The same way as SSL client authentication: with a dialog
So, to sum up:
Will it be possible, using Web-Crypto API, to sign using a Pkcs#11
key/cert? What about MSCAPI key/cert?
Will it be possible, using Web-Crypto API, to sign in batch-mode?
Thanks for answers!
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
BTW, what is this?
http://html5.creation.net/webcrypto-api/
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
When we have to generate signed copies for a lot of documents (eg:
student course certificates), we use our applet the following way:
- step 1: authenticate and retrieve certificate to use
- setp 2 (n times): sign using selected certificate
Of course, there are risks of signing undesired
In my opinion this is a perfect application for server-based signatures.
What's needed is an authorization signature where a responsible person
attests that he/she have verified the correctness of the input data
that I guess is presented in web format.
The attestation would be stored in the
More generally, I would like to remove all the Mozilla-proprietary methods
and properties from window.crypto; i.e. all the
ones athttps://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of
them are actually pretty problematic.
Are there any worth keeping?
signText() is used
On Mon, Apr 8, 2013 at 12:10 PM, Anders Rundgren
anders.rundg...@telia.com wrote:
This seems to be out of scope:
http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0072.html
Hi Anders.
As it scopes signning:
http://www.w3.org/TR/WebCryptoAPI/#Crypto-method-sign, I suppose you
mean
of this
functionality.
Yes, we have smartcards and use them with Java.
A little example: http://stackoverflow.com/a/8429162
Nice day!
On Fri, Apr 12, 2013 at 4:54 AM, helpcrypto helpcrypto
helpcry...@gmail.com
wrote:
On Thu, Apr 11, 2013 at 11:59 PM, Jaime Hablutzel Egoavil
hablutz...@gmail.com wrote
On Tue, Apr 16, 2013 at 8:01 PM, Robert Relyea rrel...@redhat.com wrote:
On 04/15/2013 02:34 PM, Matt Yakel wrote:
Hi all, Is the certutil a linux tool only? I am needing to deploy Local
Security Certs to our work network (windows).
No, it can be built for pretty much any NSS supported
On Tue, Apr 16, 2013 at 7:27 PM, Jaime Hablutzel Egoavil
hablutz...@gmail.com wrote:
Are you talking about PKCS11 bridge for a standard PKCS#11 module?. I was
thinking in accesing smartcards configured in NSS database, so I don't have
to deal with the location of the dll module. I'm sorry I'm
and tokens that are configured in the NSS DB
and freely access all of it.
On Fri, Apr 19, 2013 at 8:57 AM, helpcrypto helpcrypto
helpcry...@gmail.com
wrote:
On Tue, Apr 16, 2013 at 7:27 PM, Jaime Hablutzel Egoavil
hablutz...@gmail.com wrote:
Are you talking about PKCS11 bridge
Hi Shivam.
Look for a little bugs, like
https://bugzilla.mozilla.org/show_bug.cgi?id=670895 and start to get use
with NSS internals.
Also, check https://developer.mozilla.org/en/docs/NSS
And dont hesitate to ask ;)
On Thu, Jul 18, 2013 at 9:37 AM, Shivam Agarwal
Hi.
Does anyone in here have a recently compiled version of modutil, certutil
and their dependencies, for windows platform? (better if both: 32 bits and
64 bits).
Just to save time and head hitting against the wall...
Thanks in advance!
--
dev-tech-crypto mailing list
nvm, already built.
btw, is normal certutil -L -d path not to list/echo anything?
On Thu, Aug 22, 2013 at 9:50 AM, helpcrypto helpcrypto helpcry...@gmail.com
wrote:
Hi.
Does anyone in here have a recently compiled version of modutil, certutil
and their dependencies, for windows platform
I compiled nss+nspr+modutil+certutil 32 bits vs2009 last week. Didnt
compile 64 bits cause Firefox 64 bits is no longer supported (IIRC).
On Sat, Aug 24, 2013 at 2:21 PM, farhad@gmail.com wrote:
I searched the net for 64bit build but didn't find anything, I don't have
enough time to build
+1!
On Sun, Aug 25, 2013 at 3:02 AM, Kyle Hamilton aerow...@gmail.com wrote:
Hi,
I'm finding myself in a situation where I need to use the certificates and
keys stored in my standard NSS profile in other applications.
My initial, naïve idea was that NSS itself is a PKCS#11 module.
In the past we used JSS but at the end we have move to SunPKCS11 provider.
Consider using it as stated in
http://docs.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS
My two cents.
On Thu, Aug 22, 2013 at 9:12 PM, raj raje...@gmail.com wrote:
Need help in doing the NSS+JSS
On Mon, Aug 26, 2013 at 7:11 PM, raj raje...@gmail.com wrote:
Hello helpcrypto,
Thank you so much for your response. If we use the SunPKCS11, is NSS
library
the one doing encryption/decryption stuff??
No idea.
Just use NSS to access installed certificates to sign using PKCS#11
interface.
*Hi all*
Before starting, I'll to apologize for any incorrect grammar or typo I
could do. I'm not a native and I'm trying my best.
Altough I think most of us agree that *The era of Java Applets must end*,
after asking a few questions to WebCrypto WG, seems they dont share this
tought/they dont
On Mon, Oct 28, 2013 at 2:03 PM, florian.ben...@quantumedia.de wrote:
On Monday, October 28, 2013 1:50:42 PM UTC+1, helpcrypto helpcrypto wrote:
Something similar to Webcrypto should work, but having user keys in mind.
AFAIK, WebCrypto[1] is the replacement for the current window.crypto
Probably im lost in the translation.
Some of our users still have 1024 RSA certificates which they use for HTTPS
client auth or signing documents.
Are you suggesting to stop supporting/allowing this certificates?
If yes, i supose you will change low level to 2048 on keygen, isnt it?
On Sun,
On Fri, Jun 27, 2014 at 6:32 PM, Brian Smith br...@briansmith.org wrote:
Hi
The issue is that the WebCrypto API uses a totally separate keystore from
the X.509 client certificate keystore (if it doesn't, it should be), and
the stuff that Red Hat does is about client certificates. AFAICT,
Hi all.
Sorry for resurrecting zombies (again). And sorry if this has been answered
already (Too much work confuse my mind).
As I have said before, in our organization we use a Java Applet to discover
and use smartcards (vía PKCS#11) to be able to do batch document signage on
web pages with
Ping?
On Fri, Jul 11, 2014 at 8:46 AM, helpcrypto helpcrypto helpcry...@gmail.com
wrote:
Hi all.
Sorry for resurrecting zombies (again). And sorry if this has been
answered already (Too much work confuse my mind).
As I have said before, in our organization we use a Java Applet
IIRC, nicknames aren't part of PKCS#11 standard, so i would suggest instead
using CKA_ID (hash of public key; certificate, public and private keys have
the same)
On Tue, Oct 7, 2014 at 9:15 AM, Sean Leonard dev+mozi...@seantek.com
wrote:
Hi Mozilla/Firefox crypto people:
In Firefox 33 (and
. Then you could use C_G/SetAttributeValue with CKA_LABEL, isnt it?
Sean
On 10/7/2014 12:38 AM, helpcrypto helpcrypto wrote:
IIRC, nicknames aren't part of PKCS#11 standard, so i would suggest
instead
using CKA_ID (hash of public key; certificate, public and private keys
have
the same
As NSS doesnt expose that function (IMHO it Should), couldnt you use
PK11_Read/WriteRawAttribute? (Apart this should being fixed or not)
On Tue, Oct 7, 2014 at 10:20 AM, helpcrypto helpcrypto helpcry...@gmail.com
wrote:
On Tue, Oct 7, 2014 at 10:02 AM, Sean Leonard dev+mozi...@seantek.com
For such a tricky thing, although I dont like it, you could use a proxy
library, like PKCS11SPY which forwards every call to your library, but
sends the PIN when needed / at first use if your token is present (to avoid
locking other cards).
If you need such behaviour, why just dont use NSS
Haven't tested yet, but you could file a bug, altough I dont know if it
will be accepted.
If you have both accounts on your profile, you are the 2 people, hence
there's no reason to send you a crypted message to yourself.
I would accept the bug, but will give a 0.001 priority...
A workaround
Hi again, sorry for delay.
Yes, you can (SHOULD) use SunPKCS#11 to access directly the
libraries/modules.
You can do it two ways:
- attack libraries directly
- parse (legacy) secmod.db on Firefox profile to list modules/libraries.
Have a look on
On Mon, Feb 2, 2015 at 1:17 PM, Kai Engert k...@kuix.de wrote:
exported:
OS_TARGET=WINNT
Please use OS_TARGET=WIN95
That's the newer and supported configuration.
LOL
hahahahahahahahahahahahahahaha
I love you kaie ;)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Thu, Jan 15, 2015 at 2:55 PM, deepreel deepr...@gmail.com wrote:
helpcrypto:
Thank you great code samples...but...I'm stuck with using JSS and the
org.mozilla.jss.ssl hierarchy.
Your snippits are using either JSSE or apache libraries no?
Unless I'm missing something obvious.
IIUC what Bob/Christina said, it's not possible yet.
Personally, i have no idea :P
On Thu, Jan 15, 2015 at 9:37 PM, deepr...@gmail.com wrote:
Ahh, ok fine.
But are you able to tell me if it's possible to create TLS 1.1 and 1.2
sockets with JSS.
Thanks a bunch.
--
dev-tech-crypto mailing
1 - 100 of 130 matches
Mail list logo