EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Mozilla Certificates through PKCS#11

#10921
Posted: 08/31/2009 15:14:51
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Hi!,

Before saying anything, this post is related to:
http://www.eldos.com/forum/read.php?FID=7&TID=1221

I always wanted to get access to Thunderbird or Firefox (Mozilla NSS) certificates, but as most of the customers feel comfortable with CryptoAPI + PKCS#11 + PKCS#12, I'm not in a hurry.

But I've got some code from a Java Applet that can access NSS certificates. They're stored in the softokn3.dll library that is in the directory where the executable of Thunderbird or Firefox is located.


Here's the code:
Code
ByteArrayInputStream bais= new ByteArrayInputStream(("name = NSS\n" +
               "library = " + _pkcs11file + "\n" +
               "attributes= compatibility" + "\n" +
               "slot=2\n" +
               "nssArgs=\"" +
               "configdir='" + _currentprofile + "' " +
               "certPrefix='' " +
               "keyPrefix='' " +
               "secmod=' secmod.db' " +
               "flags=readOnly\"\n").getBytes());
       
      
      _pk11provider = new sun.security.pkcs11.SunPKCS11(bais);
      Security.addProvider(_pk11provider);


I don't know much about Java security, only basic things, but it's opening a PKCS#11 module with arguments such as compatibility mode or read-only.

I've tried of course to load softokn3.dll into the PKCS#11 example and it throws error j=7=CKR_ARGUMENTS_BAD in:
Code
    j := TPKCS11InitializeFunc(aModule.FuncArray[PKCS11_Initialize])(@aModule.FInitArgs) and $FFFF;


I think that the only thing missing then should be to change this line:

aModule.FInitArgs.pReserved := nil;

To maybe a pointer to a memory stream that holds similar information as Java does? But of course I'm not sure of anything, but I see SBB is near to accessing NSS certificates through PKCS#11 and maybe it can light up some ideas.

I don't need it personally in the near future, but it may be valuable information when the to-do list of SBB is less full? As I say, only a post to see what you think...

Regards
#10923
Posted: 08/31/2009 15:57:48
by Ken Ivanov (EldoS Corp.)

Yes, the library (softokn3.dll) seems to be a valid PKCS11 DLL, however, it rejects the standard-compliant initialization call (as you can see, SBB tries to initialize the library in three different ways, but none of them succeeds). The PKCS11 specification does not declare any value for the pReserved parameter, requiring it to be set to NULL.

We will take a deeper look at this driver and get back to you once we dig something out.
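
Added example (not part of the original thread, and not EldoS or NSS code): the two initialization shapes discussed above in C, the standard one with pReserved set to NULL and the NSS softoken one where that slot carries a parameter string with the same fields as the Java nssArgs. It assumes softokn3 reads its parameters from the pReserved position and that its parser treats backslash as an escape character; init_args_t, escape_value, standard_init_args and nss_init_args are hypothetical names, and the profile path is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the CK_C_INITIALIZE_ARGS layout (normally taken from pkcs11t.h). */
typedef struct {
    void *CreateMutex, *DestroyMutex, *LockMutex, *UnlockMutex;
    unsigned long flags;
    void *pReserved;  /* spec: NULL; assumed: NSS softoken expects its parameter string here */
} init_args_t;
#define CKF_OS_LOCKING_OK 0x00000002UL

/* Copy src to dst, backslash-escaping ' and \ so a Windows profile path survives
 * the quoted value (assumed NSS parser behaviour). Returns 0, or -1 if dst is too small. */
static int escape_value(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    for (; *src; src++) {
        int esc = (*src == '\'' || *src == '\\');
        if (n + 1 + esc >= cap) return -1;
        if (esc) dst[n++] = '\\';
        dst[n++] = *src;
    }
    if (n >= cap) return -1;
    dst[n] = '\0';
    return 0;
}

/* Spec-compliant arguments for an ordinary PKCS#11 module: pReserved stays NULL. */
void standard_init_args(init_args_t *args)
{
    memset(args, 0, sizeof *args);
    args->flags = CKF_OS_LOCKING_OK;
}

/* Arguments for NSS softoken, opened read-only. buf must outlive the C_Initialize call. */
int nss_init_args(const char *profile_dir, char *buf, size_t cap, init_args_t *args)
{
    char dir[512];
    if (escape_value(profile_dir, dir, sizeof dir) < 0) return -1;
    int n = snprintf(buf, cap,
        "configdir='%s' certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly", dir);
    if (n < 0 || (size_t)n >= cap) return -1;
    standard_init_args(args);
    args->pReserved = buf;
    return 0;
}

int main(void)
{
    char buf[600]; init_args_t a;
    if (nss_init_args("C:\\profiles\\abc.default", buf, sizeof buf, &a) == 0)  /* constructed path */
        printf("pReserved -> %s\n", (char *)a.pReserved);
    return 0;
}
```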
#11514
Posted: 10/30/2009 02:35:57
by Wolfgang Denz (Standard support level)
Joined: 09/24/2008
Posts: 17

Did you find something out yet?
I would need the possibility to access (import/export) certificates in the database of Mozilla as well, to free the user of the quite complicated process of importing certificates manually.

Thnx
Wolfgang
#11515
Posted: 10/30/2009 02:47:54
by Eugene Mayevski (EldoS Corp.)

No, we didn't, but I've added a task to ToDo list.


Sincerely yours
Eugene Mayevski
#25235
Posted: 06/09/2013 08:14:02
by Roland Kossow (Standard support level)
Joined: 05/16/2013
Posts: 29

I also have a BadArgument exception when trying to use SecureBlackbox VCL with another PKCS11 DLL (aloaha_pkcs11.dll version 1.0.0.62).
The manager is unable to refresh objects because TPKCS11FindObjectsInitFunc returns 7.
Loading of the dll works however.
What possibility to solve the issue do I have?

Best regards

Roland
#25236
Posted: 06/09/2013 08:16:42
by Eugene Mayevski (EldoS Corp.)

Roland, your question is not related to Mozilla storages. I'll move it to helpdesk now and you are welcome to post your DLL to HelpDesk for checking.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.