hi Jens,

uff, I thought I was the only one on this planet who's
struggling with the softoken ;-) But now I have
it actually running!

"Jens B. Jorgensen" wrote:
> My suspicion was the same as yours so I searched through secmod.db and found a
> string containing the path to my profile since the module would certainly need
> this. I pulled out the string:

Finally I got it running. First I modified the softoken's
nsc_CommonInitialize a little bit:

<SNIP>
CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
{
    CK_RV crv = CKR_OK;
    SECStatus rv;
    CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *) pReserved;
    int i;
    int moduleIndex = isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE;

    /* Quick hack: ignore the caller's pReserved and always use these
     * hard-coded arguments. The struct is zeroed so that the fields other
     * than LibraryParameters are not left uninitialized. */
    CK_C_INITIALIZE_ARGS myInitArgs = {0};
    /* Forward slashes in configdir, even on Windows. */
    char *params =
        "configdir=\'C:/Dokumente und Einstellungen/mes/Anwendungsdaten/"
        "Mozilla/Profiles/Default User/5ucspxqs.slt\' "
        "certPrefix=\'\' keyPrefix=\'\' secmod=\'secmod.db\'";

    myInitArgs.LibraryParameters = params;
    init_args = &myInitArgs;
    .
    .
    .
</SNAP>

Note that this is only a "quick hack" to get the softoken running
without passing a CK_C_INITIALIZE to C_Initialize. Later
I will use environment variables or ini files to supply the
profile dir and the secmod.db name.
NOTE: I assume you are using Windows ;-) Then you will have to use
a slash as the file separator instead of a backslash!
First I used backslashes in the configdir string,
which caused an error when calling C_Initialize.

> Actually C_GetFunctionList is really all it needs to export. C_GetFunctionList
> gets you pointers to all the other functions. 

Ok. This was my fault. Of course it's sufficient to just export
C_GetFunctionList. With the little modification above in the softoken
function I could call C_Initialize passing a NULL_PTR without any
problem.

> Ok, now things are a little clearer. Perhaps you might instead look at
> encapsulating openssl to do the encryption? openssl is truly a standalone
> library and though its interface is poorly documented I have used it on a couple
> of occasions and haven't had too much trouble getting things to work.

Hmm. I just want to use the existing encryption part of the
softoken. The softoken has a crypto token in slot 1 which performs
all cryptographic operations like sign, encrypt...
Slot 2 seems to be responsible for the key and cert storage.

> By the way though if you want to ultimately use this pkcs11 module in
> mozilla/netscape you don't have to implement all the other encryption stuff at
> all. For example I have a Dallas Semiconductor Java iButton crypto token which
> has a pkcs11 module. 

That's funny. My external secure device is Java based too. On that
device I store my private keys and I want to do all the private key
associated crypto operations. In fact bouncycastle for Java is providing
all the crypto operations on my secure crypto device.
Unfortunately there is no PKCS#11 API for my secure Java device, so I
decided to make it accessible for applications through PKCS#11.

Since I don't want to waste time implementing things which are
already done, I thought of modifying the PKCS#11 softoken.
Softoken can do all the "dirty" stuff (session management, object
management and public key related crypto operations). But instead of
retrieving the private keys from the "key3.db" I want to modify the
softoken to retrieve the private keys from my secure device.

Hope this is possible with softoken? Has this something
to do with the so-called "lowkey" and "crypto" layer of NSS?

Unfortunately I didn't find any documentation for the softoken,
ckfw or fortcrypt. :-(
If someone out there has some documentation or diagrams for the
softoken or ckfw please tell me where I can find it.

Thanks in advance

Christoph Brueckner
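
Added example (not from the original message and not NSS code): one way to build the parameter string from externally supplied values, as the message plans to do with environment variables or ini files, instead of hard-coding it. The helper name `build_softoken_params` and the 512-byte path limit are assumptions; the helper converts backslashes to slashes as the message advises and rejects quote characters, which would otherwise let the supplied value add parameters of its own.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of NSS): builds a softoken parameter string
 * with the same four parameters as the hard-coded one in the message.
 * Returns 0 on success, -1 on bad input or if the result does not fit. */
int build_softoken_params(const char *configdir, const char *secmod,
                          char *out, size_t outlen)
{
    char dir[512];
    size_t i, n;
    int written;

    if (configdir == NULL || secmod == NULL || out == NULL || outlen == 0)
        return -1;
    n = strlen(configdir);
    if (n == 0 || n >= sizeof(dir))
        return -1;

    for (i = 0; i < n; i++) {
        char c = configdir[i];
        /* A quote would end the value early, so the rest of the input
         * would be read as further parameters. Refuse it. */
        if (c == '\'' || c == '"')
            return -1;
        /* The message reports that backslashes made C_Initialize fail. */
        dir[i] = (c == '\\') ? '/' : c;
    }
    dir[n] = '\0';

    /* The database name must be a plain file name, not a path. */
    if (secmod[0] == '\0' || strpbrk(secmod, "'\"/\\ ") != NULL)
        return -1;

    written = snprintf(out, outlen,
                       "configdir='%s' certPrefix='' keyPrefix='' secmod='%s'",
                       dir, secmod);
    return (written < 0 || (size_t)written >= outlen) ? -1 : 0;
}
```

The resulting buffer is what would be assigned to `LibraryParameters` before calling C_Initialize.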
