User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release) Build ID: 20130917102605 Steps to reproduce: Please consider adding easier to use / lite functions for low-level cryptography that hide most of the implementation details. At the very least, most applications shouldn't need to worry about the existence of slots. Would it make sense to make it also easy to import raw key material for an one-shot operation, e.g. integrate PK11_GetBestSlot+PK11_ImportSymKeyWithFlags+PK11_CreateContextBySymKey? This would encourage handling raw key material directly, which is not desirable for newly designed applications - OTOH it would make NSS less scary to use for applications that by design and unavoidably need to handle raw key material. This might possibly start with making encryption/decryption available in the cryptohi layer; because cryptohi already covers signatures and hashes, this would leave key handling (import/export/wrapping/derivation). Related: #924390 for not requiring applications to manipulate SECItem structures.
Will the WebCrypto API provide what you need?  http://www.w3.org/TR/WebCryptoAPI/
Sorry, I was under the impression that you wanted this for WebApps. Nevermind.