secmod.db
on Windows platforms and secmodule.db
on Unix platforms). This database is stored in the same directory as your certificate database (cert7.db
) and key database (key3.db
), as indicated by the -d
option of the Netscape Signing Tool.
Before using the Netscape Signing Tool in FIPS-validated mode, you must use Navigator to switch to FIPS mode. For information on how to do this, see Operating Netscape Navigator in FIPS PUB-140-1 Compliant Mode.
After switching the Navigator cryptographic module to FIPS mode, you have two choices:
-d
option).-M
option to verify that you are using the FIPS-140-1 module.
This Unix example shows that Netscape Signing Tool is using a non-FIPS module:
% signtool -d "c:\netscape\users\jsmith" -MThis Unix example shows that Netscape Signing Tool is using a FIPS-140-1 module:
using certificate directory: c:\netscape\users\jsmith
Listing of PKCS11 modules
-----------------------------------------------
1. Netscape Internal PKCS #11 Module
(this module is internally loaded)
slots: 2 slots attached
status: loaded
slot: Communicator Internal Cryptographic Services Version 4.0
token: Communicator Generic Crypto Svcs
slot: Communicator User Private Key and Certificate Services
token: Communicator Certificate DB
-----------------------------------------------
% signtool -d "c:\netscape\users\jsmith" -M
using certificate directory: c:\netscape\users\jsmith
Enter Password or Pin for "Communicator Certificate DB": [password will not echo]
Listing of PKCS11 modules
-----------------------------------------------
1. Netscape Internal FIPS PKCS #11 Module
(this module is internally loaded)
slots: 1 slots attached
status: loaded
slot: Netscape Internal FIPS-140-1 Cryptographic Services
token: Communicator Certificate DB
-----------------------------------------------
Last Updated: 06/19/98 13:23:54
Any sample code included above is provided for your use on an "AS IS" basis, under the Netscape License Agreement - Terms of Use