Nate Nielsen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Robert Relyea wrote:nss/lib/ckfw itself is meant to be a framework to quickly bring up new PKCS #11 adapters. It's meant to be separable from NSS, (and in fact has no nspr dependencies).Interesting. I guess it compiles the parts of NSS and NSPR that it uses into the the PKCS#11 module itself?
Yes, it statically links those parts.
Unfortunately there isn't. At this point there are only 3 people on the planet that have build ckfw PKCS #11 modules, Fred Roeber, myself, and Rob Crittenden.Is there documentation anywhere for this CKFW framework?
I know the issue. That's why I build the ckfw capi module. The long turn goal is to get it into the mozilla clients themselves. Right now there is an annoying memory leak that brings down thunderbird about once a week (unfortunately it comes down just as I send my email since I sign everything). Other than that, I've used it to acquire certificates, and import pkcs #11 files. I had to fix a bug in NSS and psm to get it to export a pkcs #11 file.Just to clarify, the reason I'm developing the cryptoki-capi, is that several clients of mine dislike the Mozilla state of affairs as far as not using the OS's (in this case Windows') certificate and key store. It makes things so much more insecure to have keys and policy littered throughout the configuration files of each program.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
