NSS Shared Database Does Not Work with SunPKCS11

Question

NSS Shared Database Does Not Work with SunPKCS11

I configured NSS 3.12.4 to work with my java program using the SunPKCS11 provider in FIPS mode and everything works fine. Now I follow the steps in https://blogs.oracle.com/meena/entry/what_s_new_in_nss1 so that NSS works as a shared database.

When I configured NSS in shared db mode, the secmod.db file is replaced with pkcs11.txt, as expected. But now SunPKCS11 could not be initialized, because during initialization, there seems to be a check for secmod.db. I also tried the configDir prefix with sql :, but this also does not work.

I get the following exception.

Caused by: java.io.FileNotFoundException: /etc/nss/secmod.db at sun.security.pkcs11.Secmod.initialize(Secmod.java:181) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:179)

Has anyone tried using NSS in conjunction with java, or in any way around this problem?

+4

java cryptography nss jce pkcs # 11

Atul soman Jul 18 '12 at 10:08

source share

1 answer

Darran l · Accepted Answer · 2014-01-08T21:05:58+0000

To make me work for me, I took two extra steps.

Create an empty secmod.db using touch - Java code just checks for its existence, it doesn't actually use it.
Set the default database type before starting the Java process 'export NSS_DEFAULT_DB_TYPE = sql'

With these two changes, I now have a server-side process, using NSS to load its keys.

NSS Shared Database Does Not Work with SunPKCS11

More articles: