Netscape Signing Tool and FIPS-140-1
After switching the Navigator cryptographic module to FIPS mode, you have two
choices:
•
Use the same security module database from Netscape Signing Tool (by
specifying the same directory with the
•
Make a copy of Communicator's security module database and place it in
Netscape Signing Tool's database directory.
Verifying FIPS Mode
Use the
This Unix example shows that Netscape Signing Tool is using a non-FIPS module:
% signtool -d "c:\netscape\users\jsmith" -M
using certificate directory: c:\netscape\users\jsmith
Listing of PKCS11 modules
-----------------------------------------------
1. Netscape Internal PKCS #11 Module
token: Communicator Generic Crypto Svcs
token: Communicator Certificate DB
-----------------------------------------------
This Unix example shows that Netscape Signing Tool is using a FIPS-140-1 module:
% signtool -d "c:\netscape\users\jsmith" -M
using certificate directory: c:\netscape\users\jsmith
Enter Password or Pin for "Communicator Certificate DB": [password will not
echo]
Listing of PKCS11 modules
-----------------------------------------------
1. Netscape Internal FIPS PKCS #11 Module
slot: Netscape Internal FIPS-140-1 Cryptographic Services
token: Communicator Certificate DB
-----------------------------------------------
110
Netscape Certificate Management System Command-Line Tools Guide • March 2002
option to verify that you are using the FIPS-140-1 module.
-M
(this module is internally loaded)
slots: 2 slots attached
status: loaded
slot: Communicator Internal Cryptographic Services Version 4.0
slot: Communicator User Private Key and Certificate Services
(this module is internally loaded)
slots: 1 slots attached
status: loaded
option).
-d