Infineon Security Platform Solution
Configuring PKCS #11 for Mozilla Firefox
The PKCS #11 standard defines platform independent interfaces and technologies for handling security relevant elements for a PKI in a distributed environment. Several solutions exist from different manufacturers. The Infineon Security Platform Solution Software comprises a PKCS #11 library (of software functions) that implements all the functionality needed to operate an Infineon Security Platform. This library uses the Trusted Platform Module for the most security relevant operations.
Mozilla Firefox is designed to support more than one PKCS #11 library. A solution based completely on software mechanisms is part of the standard product.
The PKCS #11 library contained in the Infineon Security Platform Solution Software has to be configured once in Mozilla Firefox. During this the standard PKCS #11 library can be disabled, if no further need exists. This decision has to be made in accordance with the system administrator.
Configure Mozilla Firefox
Start Mozilla Firefox.
Select Tools > Options.... The Options panel opens.
Click on the Security icon in the Options panel
-
Check Use a master password to define the password for protection of your certificate database.
-
Enter a New password twice to confirm. Only when the entered values are identical, the OK button is enabled. The Password quality meter gives you an indication of the security level of the currently entered value. To have the same security level for this password as it is recommended for the passwords in the Infineon Security Platform Solution Software some password guidelines should be taken into consideration. If you want to change an already set password you also have to enter the Current password.
Click on OK.
The configuration of e-mails is described in the section configure secure e-mail.
Configure the certificate handling
This section explains the configuration on how certificates are handled in Mozilla Firefox.
Click on Advanced icon in the Options panel to configure the certification handling environment.
Click on Encryption tab. For Certificate Selection set the mode to Ask Every Time. This ensures that no client authentication is made without knowledge of the user.
Click on the Security Devices button to open the Device Manager.
Click on the Load button to open the configuration dialog for a new PKCS #11 Module.
The Module Name is mandatory, the Module filename is fixed to IfxTPMCK.dll. If the module is not located in a folder that is contained in the system's PATH variable, you can use the Browse button to locate the file. Confirm your settings with OK.
If the specified module name is listed in the Cryptographic Modules list afterwards, it is correctly configured for using it.
©Infineon Technologies AG