Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual page 75

Chapter 1, Introduction to Certificate Management System: System Architecture

One or more PKCS #11 modules must be available to any CMS subsystem instance.
As shown in Figure 1-10, a PKCS #11 module (also called a cryptographic module or
cryptographic service provider) manages cryptographic services such as encryption
and decryption via the PKCS #11 interface. PKCS #11 modules can be thought of as
drivers for cryptographic devices that can be implemented in either hardware or
software. Netscape provides a built-in PKCS #11 module with Certificate
Management System; see "Installing External Tokens" on page 451.

A PKCS #11 module always has one or more slots, which can be implemented as
physical hardware slots in some form of physical reader (for example, for smart
cards) or as conceptual slots in software. Each slot for a PKCS #11 module can in
turn contain a token, which is the hardware or software device that actually
provides cryptographic services and optionally stores certificates and keys.

Netscape provides two built-in modules with Certificate Management System:

- Default Netscape Internal PKCS #11 Module. This comes with two built-in
  tokens:
  - The Internal Crypto Services token performs all cryptographic operations,
    such as encryption, decryption, and hashing.
  - The Internal Key Storage token ("Certificate DB token" in Figure 1-10)
    handles all communication with the certificate and key database files
    (called certX.db and keyX.db, respectively, where X is a version number)
    that store certificates and keys.
- FIPS 140-1 module. This module complies with the FIPS 140-1 government
  standard for implementations of cryptographic modules. Many products sold
  to the US government must comply with one or more of the FIPS standards.
  The FIPS 140-1 module includes a single, built-in FIPS 140-1 Certificate DB
  token (see Figure 1-10), which handles both cryptographic operations and
  communication with the certX.db and keyX.db files.

Any PKCS #11 module can be used with Certificate Management System. The
server uses a file called secmod.db to keep track of the modules that are available.
You can modify this file with the Security Module Database Tool explained in the
CMS Command-Line Tools Guide. For example, you need to modify secmod.db if
you are installing hardware accelerators for use in signing operations.
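
Because secmod.db determines which PKCS #11 libraries the server loads, it is worth checking the registered modules against an allowlist. The following is an added example, not part of the Netscape manual: it parses a module listing in the layout printed by the Security Module Database Tool (layout assumed from NSS modutil's list output) and reports modules whose library file is not expected. The sample text, the slot names, the accelerator name and the library path are constructed.

```python
import re

# Constructed sample; layout assumed from the tool's module listing.
SAMPLE_LISTING = """\
Listing of PKCS #11 Modules
  1. Netscape Internal PKCS #11 Module
         slots: 2 slots attached
         slot: Internal Crypto Services
        token: Internal Crypto Services
         slot: Internal Key Storage
        token: Certificate DB
  2. Example Accelerator
        library name: /opt/example/lib/libexamplepk11.so
         slots: 1 slot attached
         slot: Example Slot 0
        token: Example Token
"""

MODULE_RE = re.compile(r"^\s*\d+\.\s+(.+?)\s*$")
FIELD_RE = re.compile(r"^\s*(library name|slot|token):\s*(.*?)\s*$")


def parse_listing(text):
    """Return one dict per module: name, library path, [(slot, token)]."""
    modules = []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            modules.append({"name": m.group(1), "library": None, "slots": []})
            continue
        f = FIELD_RE.match(line)
        if not f or not modules:
            continue
        key, value = f.groups()
        mod = modules[-1]
        if key == "library name":
            mod["library"] = value
        elif key == "slot":
            mod["slots"].append((value, None))  # a slot may hold no token
        elif key == "token" and mod["slots"]:
            mod["slots"][-1] = (mod["slots"][-1][0], value)
    return modules


def unexpected_modules(modules, allowed_libraries):
    """Names of modules whose library file is not on the allowlist.
    Built-in modules list no library file and are skipped."""
    return [m["name"] for m in modules
            if m["library"] is not None and m["library"] not in allowed_libraries]
```

Feed it the tool's real listing for the instance's database directory and treat any non-empty result from unexpected_modules as a configuration change to investigate.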
