NDBS 2.0 Description

Netscape DB KeyStore 2.0 (NDBS 2.0) is a JCE 1.2 compliant provider for keystore services that enables reading certificates and private key material from Netscape's browser database files. NDBS 2.0 is platform-independent because it is a 100% Java solution.

Certificates stored in Netscape's databases can be read and used to decrypt RSA messages sent to you. Certificates and private keys read from the databases can be used to digitally sign messages authenticating that they came from you.

NDBS 2.0 was developed at Carnegie Mellon University as a Studio project for the Master in Software Engineering Program.

Copyright (c) 2001 Carnegie Mellon University.
All rights reserved.

Permission to use this software and its documentation for any purpose is hereby granted, provided that the above copyright notice appear and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.

CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, RISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

How it Works

Netscape DB KeyStore recognizes the paired relationship between the two browser database files, key3.db (which holds private key material) and cert7.db (which holds X.509v3 certificates), and treats them as one logical entity. Since JDK1.2's KeyStoreSPI assumes that the underlying keystore is one file, Netscape DB KeyStore accepts a relative or absolute directory path containing these files (key3.db and cert7.db). See Testing Netscape DB KeyStore.

Netscape DB KeyStore fully supports both protected and unprotected Netscape database files. If the browser's database files are password protected, the same password must be used to open them with Netscape DB KeyStore. When a password is required, an incorrect password will fail to open the browser's database files.

Keys stored in the browser's database files are RSA keys. Netscape DB KeyStore therefore relies on JDK 1.2's KeyFactory class to generate RSA private keys in Java, which requires access to a JCE 1.2 compliant provider for RSA. Netscape DB KeyStore has been developed and tested using JCE 1.2 compliant RSA providers from Entrust's Java Tools and SunJCE. Any Java application that wishes to use Netscape DB KeyStore must ensure that a default provider for RSA is installed or is established prior to calling the getKey() method; otherwise an exception will be raised.

Netscape DB KeyStore also relies on a crypto provider for Triple DES with CBC and Standard Block Padding, and for HMAC with SHA-1, which requires access to a JCE 1.2 compliant provider for these algorithms. The product has been tested with SunJCE, IAIK, and JCSI. By default, no special configuration is needed if one of these crypto providers is used, or any other crypto provider that uses the same algorithm names. If the installed provider does not use the default algorithm names, the algorithm name must be specified in the configuration file.
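The prerequisites described above can be verified before the keystore is opened. The following pre-flight check is an added example, not part of NDBS or its documentation; it is written for a current JDK, the class name `NdbsPreflight` is hypothetical, and the algorithm strings are the standard JCA names registered by SunJCE, assumed here because the page does not list the names NDBS uses by default.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.Mac;

// Added example: checks the database files and the three algorithm lookups.
public class NdbsPreflight {
    // Assumption: standard JCA names (as used by SunJCE); "Standard Block
    // Padding" is taken to mean PKCS5Padding.
    static final String RSA = "RSA";
    static final String TDES = "DESede/CBC/PKCS5Padding";
    static final String HMAC = "HmacSHA1";

    /** Returns the unmet prerequisites; an empty list means ready to load. */
    static List<String> check(File dbDir) {
        List<String> problems = new ArrayList<>();
        // key3.db and cert7.db form one logical keystore: both must be present.
        for (String name : new String[] {"key3.db", "cert7.db"}) {
            File f = new File(dbDir, name);
            if (!f.isFile() || !f.canRead()) problems.add("missing or unreadable: " + f);
        }
        // Resolve each algorithm through the default provider search order.
        try {
            report(RSA, KeyFactory.getInstance(RSA).getProvider().getName());
        } catch (GeneralSecurityException e) {
            problems.add("no default provider for KeyFactory " + RSA);
        }
        try {
            report(TDES, Cipher.getInstance(TDES).getProvider().getName());
        } catch (GeneralSecurityException e) {
            problems.add("no default provider for Cipher " + TDES);
        }
        try {
            report(HMAC, Mac.getInstance(HMAC).getProvider().getName());
        } catch (GeneralSecurityException e) {
            problems.add("no default provider for Mac " + HMAC);
        }
        return problems;
    }

    static void report(String alg, String provider) {
        System.out.println("OK   " + alg + " served by " + provider);
    }

    public static void main(String[] args) {
        // The argument is the directory holding the two database files.
        List<String> problems = check(new File(args.length > 0 ? args[0] : "."));
        for (String p : problems) System.err.println("FAIL " + p);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```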

Features

System Requirements

  1. Java 2 (JDK 1.2 or later version)
  2. An RSA security provider, such as RSA BSAFE Crypto-J 2.1, Entrust/Toolkit Java™ Edition 4.1, or SunJCE, conformant to JCE 1.2 SPI for Crypto
  3. A JCE 1.2 compliant crypto provider that supports Triple DES with CBC and Standard Block Padding, and HMAC with SHA-1 algorithms, such as SunJCE, IAIK, or JCSI.