Discuss this help topic in SecureBlackbox Forum

Accessing NSS (Firefox) certificate store

Firefox and other Mozilla products use the PKCS#11 interface to access locally stored keys and certificates (even though no hardware token is actually used). This means you can use SecureBlackbox to access and use those keys. The NSS PKCS#11 driver is slightly incompatible with the original PKCS#11 specification, so your code needs certain adjustments to be able to talk to the NSS driver. In most cases you will need to adjust the following two properties:
CertStorage.NSSParams.UseNSSMode = True;
CertStorage.NSSParams.ConfigDir = <path to the configuration database>;

The exact path may differ between products and configurations. For example, on most Windows 7 systems the path to the Firefox 3 database should be set as follows:
CertStorage.NSSParams.ConfigDir = "C:/Users/Username/AppData/Roaming/Mozilla/Firefox/Profiles/6zg4b0a7.default"; // the exact profile directory name will differ

Note the use of forward slashes ("/") throughout the path. Forward slashes are required; the driver won't be able to load the configuration otherwise.
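Because the profile directory name differs per installation, the ConfigDir value can be derived instead of hard-coded. The following is an added example, not SecureBlackbox code: a Python helper that reads Firefox's profiles.ini, keeps only profiles that actually contain a certificate database, and returns each path in the forward-slash form described above. The helper names are hypothetical, and the profiles.ini keys (Name, IsRelative, Path, Default) and the cert8.db/cert9.db file names are assumptions not stated on this page.

```python
import configparser
import os
import tempfile

# Assumed certificate database names: cert9.db (SQLite) or cert8.db (legacy DBM).
NSS_CERT_DBS = ("cert9.db", "cert8.db")


def to_config_dir(path):
    """Rewrite a profile path with forward slashes only, as the NSS driver requires."""
    return path.replace("\\", "/")


def find_nss_config_dirs(firefox_dir):
    """Return (name, config_dir, is_default) for each profile that holds a cert DB."""
    ini = configparser.ConfigParser(interpolation=None)
    if not ini.read(os.path.join(firefox_dir, "profiles.ini"), encoding="utf-8"):
        raise FileNotFoundError("profiles.ini not found in " + firefox_dir)
    results = []
    for section in ini.sections():
        if not section.startswith("Profile") or "Path" not in ini[section]:
            continue  # skip [General] and other non-profile sections
        entry = ini[section]
        path = entry["Path"]
        if entry.get("IsRelative", "1") == "1":  # relative to the profiles.ini directory
            path = os.path.join(firefox_dir, path)
        # A stale entry whose directory or database is gone would make Open() fail later.
        if any(os.path.isfile(os.path.join(path, db)) for db in NSS_CERT_DBS):
            results.append((entry.get("Name", section), to_config_dir(path),
                            entry.get("Default") == "1"))
    return results


def make_sample_tree():
    """Constructed sample: one profile with cert8.db, one stale entry without a DB."""
    root = tempfile.mkdtemp()
    profile = os.path.join(root, "Profiles", "6zg4b0a7.default")
    os.makedirs(profile)
    open(os.path.join(profile, "cert8.db"), "wb").close()
    with open(os.path.join(root, "profiles.ini"), "w", encoding="utf-8") as f:
        f.write("[General]\nStartWithLastProfile=1\n\n"
                "[Profile0]\nName=default\nIsRelative=1\n"
                "Path=Profiles/6zg4b0a7.default\nDefault=1\n\n"
                "[Profile1]\nName=old\nIsRelative=1\nPath=Profiles/gone.old\n")
    return root


if __name__ == "__main__":
    for name, config_dir, is_default in find_nss_config_dirs(make_sample_tree()):
        print(name, config_dir, "(default)" if is_default else "")
```

The returned config_dir string is the value to assign to CertStorage.NSSParams.ConfigDir.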

The NSS PKCS#11 driver is the softokn3.dll file, which is usually located in the installation directory of the particular Mozilla product (e.g. C:\Program Files (x86)\Mozilla Firefox). Please note that most of the DLLs required by the driver are not originally available in the System32 folder, and the driver will fail to locate them unless they are in the current application directory or in a directory referenced by the PATH environment variable. You therefore have three alternatives:

  • change the current directory of your application to the directory where softokn3.dll is located prior to calling the Open() method
  • add the directory with softokn3.dll to your PATH list
  • copy all the needed dependent DLLs to the System32 directory

The same explanations apply to the TElSSHPKCS11KeyStorage component as well.
