Make it easier to use NSS for low-level crypto



4 years ago


(Reporter: Miloslav Trmač, Unassigned)






4 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20130917102605

Steps to reproduce:

Please consider adding easier to use / lite functions for low-level cryptography that hide most of the implementation details.

At the very least, most applications shouldn't need to worry about the existence of slots.

Would it make sense to make it also easy to import raw key material for a one-shot operation, e.g. integrate PK11_GetBestSlot+PK11_ImportSymKeyWithFlags+PK11_CreateContextBySymKey? This would encourage handling raw key material directly, which is not desirable for newly designed applications - OTOH it would make NSS less scary to use for applications that by design and unavoidably need to handle raw key material.

This might possibly start with making encryption/decryption available in the cryptohi layer; because cryptohi already covers signatures and hashes, this would leave key handling (import/export/wrapping/derivation).

Related: #924390 for not requiring applications to manipulate SECItem structures.

Comment 1

4 years ago
Will the WebCrypto API[1] provide what you need?


Comment 2

4 years ago
(In reply to Florian Bender from comment #1)
> Will the WebCrypto API[1] provide what you need?
> [1]

How can a JavaScript API be a better alternative for C applications?

Comment 3

4 years ago
Sorry, I was under the impression that you wanted this for WebApps. Never mind.