No edit summary |
| Line 7: | Line 7: | ||
=== Where we are today === | === Where we are today === | ||
At initialization time, NSS currently takes an argument which points to some directory the application uses to store | At initialization time, NSS currently takes an argument which points to some directory the application uses to store its private configuration data. NSS uses 3 libdbm files in that directory: | ||
* cert8.db - stores publicly accessible objects (certs, | * cert8.db - stores publicly accessible objects (certs, CRLs, S/MIME records). | ||
* key3.db - stores the private keys. | * key3.db - stores the private keys. | ||
* secmod.db - stores the pkcs #11 module configuration. | * secmod.db - stores the pkcs #11 module configuration. | ||
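Review bot: the three bullets describe each file by content but not by its protection needs; since cert8.db holds publicly accessible objects while key3.db holds the private keys, the key3.db bullet should say explicitly that this is the sensitive file whose contents must not be readable to other users or processes, so that later sections on shared storage inherit that requirement. Minor: "pkcs #11" here is spelled "PKCS #11" elsewhere on the page; use one form.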
| Line 27: | Line 27: | ||
''directory'' is an optional parameter pointing to an NSS non-shared database which NSS will use to update the shared database from on loading. | ''directory'' is an optional parameter pointing to an NSS non-shared database which NSS will use to update the shared database from on loading. | ||
NSS will find librdb.so (rdb.dll on windows) in | NSS will find librdb.so (rdb.dll on windows) in its path and load it. This shared library is expected to implement a superset of the standard libdbm interface. The main entry point is rdbopen, which will pass the appName, database name, and open flags. The rdb shared library will pick a location or method to store the database (it may not necessarily be a file), then handle the raw db records form NSS. The library does not do any formatting of the data. | ||
=== What we want to do === | === What we want to do === | ||
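Review bot: "handle the raw db records form NSS" should read "from NSS", and "windows" should be "Windows". More substantively, the text says NSS will find librdb.so in its path and load it, but not where that library is expected to come from or how it is trusted; a module found on a search path runs with the application's privileges, so the design should state the expected location or trust rule rather than only that it is loaded. It would also help to state here, since the hunk says the library does no formatting of the data, that rdb only ever sees private records in the encrypted form softoken produces (the "Softoken (not the database)" paragraph later on the page), so the storage backend is never handed plaintext keys.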
| Line 105: | Line 105: | ||
Softoken (not the database) will manage cannonicalizing any CK_ULONGS, encrypting or decrypting private data blobs, and deciding what attributes an object should have and setting the appropriate defaults if necessary. | Softoken (not the database) will manage cannonicalizing any CK_ULONGS, encrypting or decrypting private data blobs, and deciding what attributes an object should have and setting the appropriate defaults if necessary. | ||
Since softoken deals with PKCS #11 templates internally, | Since softoken deals with PKCS #11 templates internally, its interface to the database will be in terms of those templates. | ||
The database layer must be multi-thread safe. If the underlying database is not thread safe, sdb_ layer must implement the appropriate locking. | The database layer must be multi-thread safe. If the underlying database is not thread safe, sdb_ layer must implement the appropriate locking. | ||
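Review bot: "cannonicalizing" should be "canonicalizing", and "sdb_ layer" should be "the sdb_ layer". The thread-safety sentence leaves it open who decides whether a given backend is thread safe; suggest making it an explicit contract that each sdb_ implementation documents whether it relies on the underlying database's locking or adds its own, so a backend that quietly assumes the wrong side does not leave the object store unprotected under concurrent access.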
| Line 284: | Line 284: | ||
# A private interface may be needed to unwrap the private keys, or provide a handle to the password so the keys can be presented in the attribute format. | # A private interface may be needed to unwrap the private keys, or provide a handle to the password so the keys can be presented in the attribute format. | ||
This code would live in | This code would live in its own shared library. Most of the low level cert, crl, key handling, and translation to pkcs #11 objects and attributes that was part of softoken will moved to this legacy shared library. It will be loaded whenever access to old databases is required. | ||
[[Category:NSS]] | [[Category:NSS]] | ||
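Review bot: "will moved to this legacy shared library" should read "will be moved". The "private interface may be needed to unwrap the private keys, or provide a handle to the password" item deserves firmer wording than "may be needed": either option passes key material or the password across a shared-library boundary into the legacy library, so the text should say which one is intended and note, as the next sentence already implies, that the legacy library is loaded only when old databases are accessed, which bounds how long that interface is exposed. Minor: "pkcs #11" here versus "PKCS #11" in the preceding line.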