683b946c52
- remove liscrandom - use scrandom.c directly (list as part of the SOURCES) git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1083 c6295689-39f2-0310-b995-f0e70906c6a9 |
||
---|---|---|
.. | ||
rsaref | ||
.cvsignore | ||
debug.c | ||
framework-pkcs15.c | ||
framework-pkcs15init.c | ||
libpkcs11.c | ||
Makefile.am | ||
Makefile.mak | ||
mechanism.c | ||
misc.c | ||
opensc_pkcs11_install.js | ||
openssl.c | ||
pkcs11-global.c | ||
pkcs11-object.c | ||
pkcs11-session.c | ||
pkcs11.h | ||
README | ||
sc-pkcs11.h | ||
secretkey.c | ||
slot.c |
Installation ------------ Netscape: Select menu: Communicator -> Tools -> Security Info Select Cryptographic Modules Click: Add Module name: descriptive name about module (eg. opensc-pkcs11) Module file: absolute path of opensc-pkcs11.so For proper operation, you also need to configure the module: In the Crypthographic Modules dialog, select the OpenSC card, and click on the "Config" button to the right. Select the "Enable this token" radio button, and select the "Publicly readable Certs" button. This will ensure that netscape uses the card when trying to display encrypted messages in netscape messenger. Setting "Publicly readable Certs" will also stop a pretty annoying habit of netscape which is to ask for all PINs when browsing sites requiring client authentication. You should _not_ select the "RSA" button. If this option is selected, netscape will try to use the card for all public key operations, and will fail horribly. Mozilla: Make sure Personal Security Manager (PSM) is installed (eg. mozilla-psm package is installed). Select menu: Edit -> Preferences Select category: Privacy & Security -> Certificates Click: Manage Security Devices Click: Load Module name: descriptive name about module (eg. opensc-pkcs11) Module file: absolute path of opensc-pkcs11.so Notes ----- Netscape seems to show more information about the security module than Mozilla. Otherwise all stuff is untested. Thread safety on Linux and Mac OS X: Netscape/Mozilla uses the CKF_OS_LOCKING_OK flag in C_Initialize(). The result is that the browser process doesn't end when closing the browser, so you have to kill the process yourself. (If the browser would do a C_Finalize, the sc_pkcs11_free_lock() would be called and there wouldn't be a problem.) Therefore, we don't use the PTHREAD locking mechanisms, even if they are requested. This seems to work fine for Mozilla, BUT will cause problems for apps that use multiple threads to access this lib simultaneously. If you do want to use OS threading, compile with -DPKCS11_THREAD_LOCKING On Windows, no PTHREAD lib is used and there the problem doesn't occur. So there the OS locking is enabled.