Thanks for the response. I'm looking at the DogTag instructions ( http://pki.fedoraproject.org/wiki/ECC_Capable_NSS) for using an ECC-enabled NSS that strips out the softoken and freebl implementations and imports a third-party crypto module ( http://pki.fedoraproject.org/wiki?title=ECC_Enabling_Dogtag#Command_Line_Tests). They use modutil with the "-nocertdb" option, which I guess defaults all certificate operations to the token instead of looking at cert8.db and key3.db and use certutil as normal? I know that the referenced instructions are from a different project, but I was hoping anyone could confirm that this is a viable and "standard" way of modifying NSS to use a third-party cryptographic module and, if not, could point me in the right direction.
On Thu, Nov 19, 2009 at 2:54 PM, Kai Chan <nahc...@gmail.com> wrote: > Hi, > > Is there a way to do certificate operations in NSS without using the > cert8.db? I was looking at a post at mail-archive.com ( > http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg00245.html) > that suggested all this would now be internal to the PKCS #11 module, > removing dependence on cert8.db. Does that mean I can use the certdb > library to handle certificate operations? > > Thanks, > Kai > On Thu, Nov 19, 2009 at 3:34 PM, Wan-Teh Chang <w...@google.com> wrote: > 2009/11/19 Kai Chan <nahc...@gmail.com>: > > Hi, > > > > Is there a way to do certificate operations in NSS without using the > > cert8.db? > > Yes, you can initialize NSS with NSS_NoDB_Init(NULL). > Then NSS won't create or use any databases. > > You can then import certificates as "temporary certificates" > (as opposed to "permanent certificates" or "token certificates" > that are stored in cert8.db) and perform operations on them. > > Wan-Teh > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
