Changes

NSS Shared DB

427 bytes added, 01:30, 5 February 2008
Database Merge
# Because merge does not require the complicated state machine to manage password acquisition, it can be (and is) implemented outside the softoken itself.
Characteristic 3 allows database merge to work on arbitrary databases and database types. You can merge a shared db into a shared db as well as an old database into a shared db. In fact, to a point, it works on arbitrary tokens: you can merge a hardware token into a shared db as long as the keys are extractable.
To merge 2 databases, the application simply opens both databases and calls the new PK11_MergeTokens() function. PK11_MergeTokens() has the following signature:
''pwdata'' password arg
The ''targetSlot'' and ''sourceSlot'' parameters could be slots that are simply looked up, or additional databases opened with SECMOD_OpenUserDB(). For the merge to be successful, ''targetSlot'' must support the intersection of the following object list and the token objects in ''sourceSlot'' (CKO_CERTIFICATE, CKO_PUBLIC_KEY, CKO_PRIVATE_KEY, CKO_SECRET_KEY, CKO_NSS_TRUST, CKO_NSS_CRL, CKO_NSS_SMIME). ''sourceSlot'' must also have extractable keys or the merge will fail (sensitive keys are OK, as long as the source slot supports PBEs if it contains private keys). All softoken slots (including those opened with SECMOD_OpenUserDB()) support these characteristics. Multiple calls to merge will only attempt to merge those objects which were created since the last merge, or which failed to merge in the last call to merge.
Returns: