On Jul 8, 6:53 pm, avih <[EMAIL PROTECTED]> wrote:
> Wan-Teh Chang wrote:
> > On Mon, Jul 7, 2008 at 8:17 AM, avih <[EMAIL PROTECTED]> wrote:
> >> Also, I tried using softokn3.dll copied to a new directory (from
> >> Firefox 3 installation) as a starting point. After it complained while
> >> loading, I added more and more files until it loaded properly. I
> >> ended with the following files in a clean directory:
> >
> >> softokn3.dll
> >> freebl3.chk
> >> mozcrt19.dll
> >> nspr4.dll
> >> nssutil3.dll
> >> plc4.dll
> >> plds4.dll
> >> softokn3.chk
> >> sqlite3.dll
> >
> > Yes, this is the correct list of files you need to use softokn3.dll
> > as a standalone PKCS #11 library. There is an optional DLL
> > nssdbm3.dll for accessing the old Berkeley DB. (Firefox 3
> > is still using nssdbm3.dll.) mozcrt19.dll is only needed
> > when you use the NSS binaries from a Firefox 3 installation.
> > If you build NSS from source code, you won't need mozcrt19.dll.
> >
> >> The dll now loads ok, I got the function list pointer ok, but every
> >> pFunctionList->C_Initialize(&ArgsInitialize) call that I tried (both
> >> valid and invalid combination of arguments) returns with an error code
> >> 48 (CKR_DEVICE_ERROR).
> >
> >> I've read about a config file, but couldn't quite understand if it
> >> only relates to java binding, how to use such file, I've read about
> >> pointing it to a db file, but couldn't quite find examples of such
> >> usages, and generally, how to make the dll load properly, initialize
> >> and function as a working pkcs11 front-end with a soft-token back-end.
> >
> > The following wiki page documents how to initialize the NSS softoken
> > for the FIPS mode of operation:
> > http://developer.mozilla.org/en/docs/FC_Initialize
> >
> > The key difference is that you need to use NSS's extended
> > CK_C_INITIALIZE_ARGS structure, which has a LibraryParameters
> > field. The wiki page has two examples of the LibraryParameters strings,
> > with a link to the specification of that string.
> >
> > In the NSS source tree, pk11mode.c is a test program that demonstrates
> > how to use the softoken in FIPS and non-FIPS modes:
> > http://lxr.mozilla.org/security/source/security/nss/cmd/pk11mode/pk11...
> >
> > Finally, you can refer to our FIPS Security Policy (pp. 4-5 and 28-31)
> > for how to use the softoken as a standalone PKCS #11 library:
> > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814
> >
> > Wan-Teh
>
> Still couldn't manage to C_Initialize. I copied the entire
> initialization sequence from pk11mode.c, and it still always returns
> CKR_DEVICE_ERROR.
>
> I tried without any cli args (default values), tried the Mozilla line of
> library initialization (copied from the FC_Initialize wiki page),
> while pointing the path to a new directory that I created that contains
> all of the profile files (without any subdirectories), added the
> nssdbm3.dll because when I pointed it to a Firefox profile, it would
> probably use the Berkeley DB files of Firefox (cert8, key3, secmod ?),
> tried both FIPS and non-FIPS modes ([F]C_GetFunctionList), all to no
> avail. It always fails to initialize with the same error value.
>
> Also, what I've done so far was trial and error stuff. I'd still
> appreciate a more complete procedure to create such stand alone
> soft-token pkcs11 instance.
>
> i.e.:
>
> 1. What minimal set of DLL/DB/Other files should I use (let's keep the
> discussion to a Firefox 3 installation, possibly with a new user profile
> as the base for these files) and where should I put them?
>
> 2. Can I use no DB files and let the library create them on the fly?
> What are the consequences? Can I use the Firefox DB files instead? What
> are the implications/limitations of that? What should I know about those
> DB files?
>
> 3. What possible/minimal-set values of LibraryParameters would be
> compatible with such stand alone instance?
>
> thanks in advance,
> avih

ping...

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
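
The extended `CK_C_INITIALIZE_ARGS` with its `LibraryParameters` field, which Wan-Teh points to in the quoted reply, sketched as an added example that is not code from this thread or from NSS. The parameter string follows the form of the FC_Initialize documentation example; the names `nss_init_args`, `build_library_params`, `softoken_initialize` and `stub_initialize` are hypothetical, the type declarations are simplified stand-ins for NSS's `pkcs11.h`, and the stub replaces the real `pFunctionList->C_Initialize` so the block runs without NSS installed.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for NSS's pkcs11t.h so this compiles alone; real code
 * should include NSS's own pkcs11.h (which also sets struct packing). */
typedef unsigned long CK_RV;
#define CKR_OK            0x00UL
#define CKR_ARGUMENTS_BAD 0x07UL
#define CKF_OS_LOCKING_OK 0x02UL
typedef CK_RV (*mutex_fn)(void *);      /* simplified callback type */
typedef CK_RV (*init_fn)(void *);       /* shape of C_Initialize */

typedef struct {
    mutex_fn CreateMutex, DestroyMutex, LockMutex, UnlockMutex;
    unsigned long flags;
    unsigned char **LibraryParameters;  /* NSS extension: where the spec has pReserved */
    void *pReserved;                    /* extra trailing field, must be NULL */
} nss_init_args;

/* Build the parameter string; returns its length, or -1 if it does not fit
 * or configdir contains a quote that would end the quoted value early. */
int build_library_params(char *out, size_t n, const char *configdir, const char *flags)
{
    if (strchr(configdir, '\'') != NULL) return -1;
    int len = snprintf(out, n, "configdir='%s' certPrefix='' keyPrefix='' "
                       "secmod='secmod.db' flags=%s", configdir, flags);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

/* c_initialize is pFunctionList->C_Initialize from C_GetFunctionList. */
CK_RV softoken_initialize(init_fn c_initialize, const char *params)
{
    nss_init_args args = {0};           /* NULL mutex callbacks, NULL pReserved */
    args.flags = CKF_OS_LOCKING_OK;
    /* The field is typed CK_CHAR_PTR * but carries the string itself. */
    args.LibraryParameters = (unsigned char **)params;
    return c_initialize(&args);
}

/* Constructed stub, not softoken's logic: lets the block run without NSS. */
CK_RV stub_initialize(void *p)
{
    nss_init_args *a = p;
    return (a && a->LibraryParameters && !a->pReserved) ? CKR_OK : CKR_ARGUMENTS_BAD;
}

int main(void)
{
    char params[256];
    if (build_library_params(params, sizeof params, ".", "") < 0) return 1;
    printf("%s -> 0x%lx\n", params, softoken_initialize(stub_initialize, params));
    return 0;
}
```

With a real module, pass `pFunctionList->C_Initialize` in place of `stub_initialize` and point `configdir` at the directory that holds (or should receive) the database files.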

