Last Comment Bug 924396 - Make it easier to use NSS for low-level crypto
: Make it easier to use NSS for low-level crypto
Status: UNCONFIRMED
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.15.1
: All All
: -- normal (vote)
: ---
Assigned To: nobody
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-08 07:35 PDT by Miloslav Trmač
Modified: 2013-12-03 00:19 PST (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Miloslav Trmač 2013-10-08 07:35:35 PDT
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20130917102605

Steps to reproduce:

Please consider adding easier to use / lite functions for low-level cryptography that hide most of the implementation details.

At the very least, most applications shouldn't need to worry about the existence of slots.

Would it make sense to make it also easy to import raw key material for an one-shot operation, e.g. integrate PK11_GetBestSlot+PK11_ImportSymKeyWithFlags+PK11_CreateContextBySymKey? This would encourage handling raw key material directly, which is not desirable for newly designed applications - OTOH it would make NSS less scary to use for applications that by design and unavoidably need to handle raw key material.

This might possibly start with making encryption/decryption available in the cryptohi layer; because cryptohi already covers signatures and hashes, this would leave key handling (import/export/wrapping/derivation).

Related: #924390 for not requiring applications to manipulate SECItem structures.
Comment 1 Florian Bender 2013-12-01 14:17:54 PST
Will the WebCrypto API[1] provide what you need?

[1] http://www.w3.org/TR/WebCryptoAPI/
Comment 2 Miloslav Trmač 2013-12-02 12:55:06 PST
(In reply to Florian Bender from comment #1)
> Will the WebCrypto API[1] provide what you need?
> 
> [1] http://www.w3.org/TR/WebCryptoAPI/

How can a JavaScript API be a better alternative for C applications?
Comment 3 Florian Bender 2013-12-03 00:19:20 PST
Sorry, I was under the impression that you wanted this for WebApps. Nevermind.

Note You need to log in before you can comment on or make changes to this bug.