Nelson B wrote:
> Heikki Toivonen wrote:
>
>> I've seen various posts about people trying to export and import
>> certificates from and to the NSS certificate store. I have some vague
>> memories of questions asking whether or not platform specific cert
>> stores could be used, but AFAIK there has been no real work done about
>> this.
>
> Tell us what platform(s) and for each one, what store(s) you care about.
> Also, is your concern for CA certs, or a user's personal certs, or both?

I did not mean to be vague. I am not well versed with cert stores, and my assumption has been that for Windows and Mac (which are two of the platforms I play with) it should be pretty obvious and whatever ships with the standard OS configuration. On Mac you generally interact with Keychain (not sure what the programmable API is), on Windows there seem to be several front ends done using CryptoAPI. I wasn't really even aware that there would be something like a standard for Linux, but apparently there is something... What distros use NSS? It seems like OpenSSL is more prevalent from my perspective.

This would be for storing all certificates, although CA certificates would be most important.

> Achieving a higher level of integration with a platform's cert store
> means writing a shared library for each platform that makes its cert store
> appear to be a PKCS11 module with a permanent "slot" and "token" that
> contains certs and trust objects, just as NSS's own "built-ins" module
> does now.
>
> NSS provides a pretty complete source framework for developing such a thing.
> It contains all the parts needed for PKCS11, and just lacks the platform
> specific code. NSS's own "built in" root cert module is built on that
> framework, as proof of concept.

Ok, this is pretty much as I understood it although your explanation was much clearer than mine, and I was basically asking if anyone had implemented such a thing for Windows, Mac OS X and/or some Linux flavor.

--
Heikki Toivonen
