opensc/src/pkcs11
aj 683b946c52 Patch by Robert Bihlmeyer:
- remove liscrandom
 - use scrandom.c directly (list as part of the SOURCES)


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1083 c6295689-39f2-0310-b995-f0e70906c6a9
2003-05-01 14:09:11 +00:00
rsaref remove references to SCIDI 2003-04-22 17:02:28 +00:00
.cvsignore Added some files to ignore, also for Windows 2003-04-18 14:57:50 +00:00
debug.c - improved debugging output of CK_ATTRIBUTE data 2003-04-16 14:18:07 +00:00
framework-pkcs15.c Allow non-repudiation as a signature usage 2003-04-18 15:42:04 +00:00
framework-pkcs15init.c - Patches from Stef implementing PKCS11 RNG related functions 2003-01-16 20:10:28 +00:00
libpkcs11.c Added code for MacOSX 2003-04-18 11:55:16 +00:00
Makefile.am Patch by Robert Bihlmeyer: 2003-05-01 14:09:11 +00:00
Makefile.mak Added debug.obj 2003-04-16 19:50:30 +00:00
mechanism.c - fixed typo in previous patch 2003-01-20 09:56:53 +00:00
misc.c - improved debugging output of CK_ATTRIBUTE data 2003-04-16 14:18:07 +00:00
opensc_pkcs11_install.js Testing version. Use if you dare. 2002-01-28 19:29:35 +00:00
openssl.c - fixed compiled warning 2003-02-03 12:20:24 +00:00
pkcs11-global.c Avoid an Assertion Failed (ctx!=NULL) in log.c if sc_establish_context() fails in C_Initialize() 2003-04-28 09:55:36 +00:00
pkcs11-object.c - fixed compiler warning 2003-04-17 11:04:28 +00:00
pkcs11-session.c - prevent compiler warning 2003-02-21 12:47:30 +00:00
pkcs11.h - New utility library libpkcs11 - supposed to provide easy loading and 2002-12-17 11:48:14 +00:00
README Have a compile option to enable PTHREAD locking at the pkcs11 level 2003-04-24 07:03:48 +00:00
sc-pkcs11.h Have a sec delay in C_GetSlotInfo() per reader instead of a global delay 2003-04-18 11:58:11 +00:00
secretkey.c Preliminary MacOS X build support, untested so far. 2002-06-03 15:18:47 +00:00
slot.c remove/insert fix: restore the slot->reader in slot_token_removed 2003-03-07 14:18:55 +00:00

Installation
------------

Netscape:
	Select menu: Communicator -> Tools -> Security Info

	Select Cryptographic Modules
	
	Click: Add

	Module name: a descriptive name for the module (e.g. opensc-pkcs11)
	Module file: absolute path of opensc-pkcs11.so

	For proper operation, you also need to configure the module:
	In the Cryptographic Modules dialog, select the OpenSC card,
	and click on the "Config" button to the right. Select the
	"Enable this token" radio button, and select the "Publicly
	readable Certs" button.

	This ensures that Netscape uses the card when trying to
	display encrypted messages in Netscape Messenger.  Setting
	"Publicly readable Certs" also stops a pretty annoying habit
	of Netscape, which is to ask for all PINs when browsing sites
	requiring client authentication.

	You should _not_ select the "RSA" button. If this option is
	selected, Netscape will try to use the card for all public key
	operations, and will fail horribly.

Mozilla:
	Make sure Personal Security Manager (PSM) is installed
	(e.g. the mozilla-psm package is installed).

	Select menu: Edit -> Preferences

	Select category: Privacy & Security -> Certificates

	Click: Manage Security Devices

	Click: Load

	Module name: a descriptive name for the module (e.g. opensc-pkcs11)
	Module file: absolute path of opensc-pkcs11.so


Notes
-----

Netscape seems to show more information about the security module
than Mozilla. Otherwise everything is untested.

Thread safety on Linux and Mac OS X:
Netscape/Mozilla sets the CKF_OS_LOCKING_OK flag in C_Initialize().
When the module honours that request, the browser process doesn't
end when the browser is closed, so you have to kill the process
yourself. (If the browser called C_Finalize, sc_pkcs11_free_lock()
would be called and there wouldn't be a problem.)
Therefore, we don't use the PTHREAD locking mechanisms, even if they
are requested. This seems to work fine for Mozilla, BUT will cause
problems for apps that use multiple threads to access this lib
simultaneously.
If you do want to use OS threading, compile with -DPKCS11_THREAD_LOCKING.
On Windows, no PTHREAD lib is used and the problem doesn't occur
there, so OS locking is enabled on that platform.
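
For a multi-threaded application that has to use a build without -DPKCS11_THREAD_LOCKING, one option is to serialize every call into the module on the application side. The following is an added example, not code from OpenSC: the CK_RV/CKR_OK definitions are stand-ins for pkcs11.h, and unlocked_module_call(), p11_serialized() and run_workers() are hypothetical names, with the module call simulated by an unlocked counter update.

```c
#include <pthread.h>

/* Constructed stand-ins for pkcs11.h so the example builds on its own. */
typedef unsigned long CK_RV;
#define CKR_OK 0UL
#define MAX_THREADS 16
#define CALLS_PER_THREAD 20000

/* Hypothetical module entry point built WITHOUT -DPKCS11_THREAD_LOCKING:
 * it updates shared state with no lock, so concurrent callers would race. */
static volatile unsigned long module_calls;
static CK_RV unlocked_module_call(void)
{
    module_calls = module_calls + 1;   /* unlocked read-modify-write */
    return CKR_OK;
}

/* Application-side lock placed in front of every call into the module. */
static pthread_mutex_t p11_lock = PTHREAD_MUTEX_INITIALIZER;
static CK_RV p11_serialized(CK_RV (*fn)(void))
{
    pthread_mutex_lock(&p11_lock);
    CK_RV rv = fn();
    pthread_mutex_unlock(&p11_lock);
    return rv;
}

static void *worker(void *unused)
{
    (void)unused;
    for (int i = 0; i < CALLS_PER_THREAD; i++)
        p11_serialized(unlocked_module_call);
    return NULL;
}

/* Start up to MAX_THREADS workers; return how many calls the module saw. */
static unsigned long run_workers(int nthreads)
{
    pthread_t tid[MAX_THREADS];
    int started = 0;
    module_calls = 0;
    if (nthreads > MAX_THREADS) nthreads = MAX_THREADS;
    while (started < nthreads &&
           pthread_create(&tid[started], NULL, worker, NULL) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(tid[i], NULL);
    return module_calls;
}

int main(void) { return run_workers(8) == 8UL * CALLS_PER_THREAD ? 0 : 1; }
```

In a real application the function pointer passed to p11_serialized() would wrap the actual C_* call, and the same mutex must guard every thread's calls into the module.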