How to install a PKSC11 certificate module in Evolution

How to install a PKSC11 certificate module in Evolution

By | | Comments 0 Comment

Last year, the Swiss government launched the SuisseID, a digital ID to sign documents and identify yourself in the web. It uses a smartcard as cryptographic token and is based on the PKCS11 cryptography standard.

Evolution uses the Network Securtiy Services (NSS) from Mozilla, over which you can access the PKSC11 module.

To sign your mails in Evolution, first install the drivers for you smartcard and check, if the pcscd daemon can recognize your smartcard.
I’m running Ubuntu 10.10, so if you use a different distribution, please be aware that the paths could be different. Then, change into your private NSS db folder:

cd ~/.pki/nssdb

This folder should contain the files cert9.db, key4.db and pkcs11.txt. If you have files like cert8.db and key3.db, you are using legacy databases and you must remove sql: from the following command. Otherwise, just use this command to register the module libcvP11.so in your NSS DB.

modutil -dbdir sql:./ -add "Post SuisseID" -libfile /usr/lib/libcvP11.so -force

After that, when you start Evolution a popup should ask you for your certificate password.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.