opensc/src/pkcs11
2003-06-25 10:57:41 +00:00
rsaref fix include paths. 2003-05-16 22:08:41 +00:00
.cvsignore Added some files to ignore, also for Windows 2003-04-18 14:57:50 +00:00
debug.c - improved debugging output of CK_ATTRIBUTE data 2003-04-16 14:18:07 +00:00
framework-pkcs15.c Changed SC_PKCS15_MAX_PINS to MAX_OBJECTS in pkcs15_create_tokens() 2003-06-24 11:31:02 +00:00
framework-pkcs15init.c Now you can specify your card profile for pkcs15init, both on the command line if you use the pkcs15init tool and in the opensc.conf file. Not specifying gives the default one, like before. 2003-06-18 08:07:12 +00:00
libpkcs11.c Added support for Mac bundles 2003-05-08 07:54:30 +00:00
Makefile.am fix include paths. 2003-05-16 22:08:41 +00:00
Makefile.mak Added debug.obj 2003-04-16 19:50:30 +00:00
mechanism.c - fixed typo in previous patch 2003-01-20 09:56:53 +00:00
misc.c added a check for CKA_CERTIFICATE_TYPE to attr_extract() 2003-06-04 12:24:19 +00:00
opensc_pkcs11_install.js Testing version. Use if you dare. 2002-01-28 19:29:35 +00:00
openssl.c Added #include <openssl/rsa.h>, this is needed for openssl 0.9.8 and higher where openssl/evp.h won't include the algorithms anymore (Nils) 2003-06-13 06:51:26 +00:00
pkcs11-global.c Avoid an Assertion Failed (ctx!=NULL) in log.c if sc_establish_context() fails in C_Initialize() 2003-04-28 09:55:36 +00:00
pkcs11-object.c Added a little extra logging to C_GenerateKeyPair() 2003-06-25 10:57:41 +00:00
pkcs11-session.c - allow full access to keys not protected by a PIN 2003-05-15 15:27:33 +00:00
pkcs11.h - New utility library libpkcs11 - supposed to provide easy loading and 2002-12-17 11:48:14 +00:00
README Have a compile option to enable PTHREAD locking at the pkcs11 level 2003-04-24 07:03:48 +00:00
sc-pkcs11.h First implementation of C_GenerateKeyPair() 2003-06-03 13:57:52 +00:00
secretkey.c Preliminary MacOS X build support, untested so far. 2002-06-03 15:18:47 +00:00
slot.c In slot_initialize(): Bugfix in a memset and added a pool_initialize() 2003-06-24 11:11:49 +00:00

Installation
------------

Netscape:
	Select menu: Communicator -> Tools -> Security Info

	Select Cryptographic Modules
	
	Click: Add

	Module name: a descriptive name for the module (e.g. opensc-pkcs11)
	Module file: absolute path of opensc-pkcs11.so

	For proper operation, you also need to configure the module:
	In the Cryptographic Modules dialog, select the OpenSC card,
	and click on the "Config" button to the right. Select the
	"Enable this token" radio button, and select the "Publicly
	readable Certs" button.

	This ensures that Netscape uses the card when trying to
	display encrypted messages in Netscape Messenger. Setting
	"Publicly readable Certs" also stops a pretty annoying habit
	of Netscape, which is to ask for all PINs when browsing sites
	requiring client authentication.

	You should _not_ select the "RSA" button. If this option is
	selected, Netscape will try to use the card for all public key
	operations, and will fail horribly.

Mozilla:
	Make sure Personal Security Manager (PSM) is installed
	(e.g. the mozilla-psm package is installed).

	Select menu: Edit -> Preferences

	Select category: Privacy & Security -> Certificates

	Click: Manage Security Devices

	Click: Load

	Module name: a descriptive name for the module (e.g. opensc-pkcs11)
	Module file: absolute path of opensc-pkcs11.so


Notes
-----

Netscape seems to show more information about the security module
than Mozilla. Otherwise, everything is untested.

Thread safety on Linux and Mac OS X:
Netscape/Mozilla uses the CKF_OS_LOCKING_OK flag in C_Initialize().
The result is that the browser process doesn't end when closing
the browser, so you have to kill the process yourself.
(If the browser called C_Finalize(), sc_pkcs11_free_lock()
would be called and there wouldn't be a problem.)
Therefore, we don't use the PTHREAD locking mechanisms, even if they
are requested. This seems to work fine for Mozilla, BUT will cause
problems for apps that use multiple threads to access this lib
simultaneously.
If you do want to use OS threading, compile with -DPKCS11_THREAD_LOCKING.
On Windows, no PTHREAD lib is used and the problem doesn't occur
there, so OS locking is enabled on that platform.