Closed Bug 924396 Opened 11 years ago Closed 5 months ago

Make it easier to use NSS for low-level crypto

Categories

(NSS :: Libraries, defect, P5)

3.15.1

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mitr, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20130917102605

Steps to reproduce:

Please consider adding easier to use / lite functions for low-level cryptography that hide most of the implementation details.

At the very least, most applications shouldn't need to worry about the existence of slots.

Would it make sense to make it also easy to import raw key material for a one-shot operation, e.g. integrate PK11_GetBestSlot+PK11_ImportSymKeyWithFlags+PK11_CreateContextBySymKey? This would encourage handling raw key material directly, which is not desirable for newly designed applications - OTOH it would make NSS less scary to use for applications that by design and unavoidably need to handle raw key material.

This might possibly start with making encryption/decryption available in the cryptohi layer; because cryptohi already covers signatures and hashes, this would leave key handling (import/export/wrapping/derivation).

Related: #924390 for not requiring applications to manipulate SECItem structures.

Will the WebCrypto API[1] provide what you need?

[1] http://www.w3.org/TR/WebCryptoAPI/

(In reply to Florian Bender from comment #1)
> Will the WebCrypto API[1] provide what you need?
> 
> [1] http://www.w3.org/TR/WebCryptoAPI/

How can a JavaScript API be a better alternative for C applications?

Sorry, I was under the impression that you wanted this for WebApps. Never mind.

Severity: normal → S3
Severity: S3 → S4
Status: UNCONFIRMED → RESOLVED
Closed: 5 months ago
Priority: -- → P5
Resolution: --- → WONTFIX