This content has been marked as final. Show 6 replies
You can use the NSS library through the SunPKCS11 provider: http://download.oracle.com/javase/6/docs/technotes/guides/security/enhancements.html
Thank you very much
I'll look into it
I assume that it support RSA \DSA digital signatures, Elliptic curves digital signatures, etc. Correct?
Are there software keystores that are fips 140-2 certified? Keystores like java, windows.
I want to keep private dig signature keys in these instead in physical tokens.
NSS keystore would probably satisfy your requirements: http://www.mozilla.org/projects/security/pki/nss/fips/
The private keys can also be stored in softtoken rather than hardware token. They will end up in a file called key3.db
Can I use the NSS keystore and use the basic Sun crypto algorithms.
Is using NSS java coding only?
NSS is a set of security libraries written in C so you can certainly use C APIs to access it as well. JSS is the Java interface to NSS. You can either use the JSS API directly or use Sun's PKCS11 wrapper which gives you access to most of the NSS functionalities.