Search completed in 1.27 seconds.
300 results for "Crypto":
Your results are loading. Please wait...
Mozilla Crypto FAQ - Archive of obsolete content
in this document i try to answer some frequently asked questions about the mozilla web browser and mail/news client and its support for ssl, s/mime, and related features based on cryptographic technology.
...if you wish to develop and distribute cryptographic software, particularly for commercial sale or distribution, then you should consult an attorney with expertise in the particular laws and regulations that apply in your jurisdiction.
... i've updated this version of the mozilla crypto faq to discuss the situation now that the rsa public key algorithm is in the public domain and a full open source crypto implementation is being added to the mozilla code base.
...And 27 more matches
SubtleCrypto - Web APIs
the subtlecrypto interface of the web crypto api provides a number of low-level cryptographic functions.
... access to the features of subtlecrypto is obtained through the subtle property of the crypto object you get from window.crypto.
... warning: this api provides a number of low-level cryptographic primitives.
...And 26 more matches
SubtleCrypto.wrapKey() - Web APIs
the wrapkey() method of the subtlecrypto interface "wraps" a key.
... as with subtlecrypto.exportkey(), you specify an export format for the key.
... to export a key, it must have cryptokey.extractable set to true.
...And 20 more matches
SubtleCrypto.unwrapKey() - Web APIs
the unwrapkey() method of the subtlecrypto interface "unwraps" a key.
...it decrypts the key and then imports it, returning a cryptokey object that can be used in the web crypto api.
... as with subtlecrypto.importkey(), you specify the key's import format and other attributes of the key to import details such as whether it is extractable, and which operations it can be used for.
...And 15 more matches
JavaScript crypto - Archive of obsolete content
use <keygen> or the future web crypto api instead.
... using the mozilla crypto object from javascript mozilla defines a special javascript object to allow web pages access to certain cryptographic-related services.
...most of these services are available via the dom window object as window.crypto.
...And 11 more matches
SubtleCrypto.exportKey() - Web APIs
the exportkey() method of the subtlecrypto interface exports a key: that is, it takes as input a cryptokey object and gives you the key in an external, portable format.
... to export a key, the key must have cryptokey.extractable set to true.
... keys can be exported in several formats: see supported formats in the subtlecrypto.importkey() page for details.
...And 11 more matches
SubtleCrypto.deriveKey() - Web APIs
the derivekey() method of the subtlecrypto interface can be used to derive a secret key from a master key.
...it returns a promise which will be fulfilled with a cryptokey object representing the new key.
... syntax const result = crypto.subtle.derivekey( algorithm, basekey, derivedkeyalgorithm, extractable, keyusages ); parameters algorithm is an object defining the derivation algorithm to use.
...And 9 more matches
SubtleCrypto.importKey() - Web APIs
the importkey() method of the subtlecrypto interface imports a key: that is, it takes as input a key in an external, portable format and gives you a cryptokey object that you can use in the web crypto api.
... syntax const result = crypto.subtle.importkey( format, keydata, algorithm, extractable, usages ); parameters format is a string describing the data format of the key to import.
... extractable is a boolean indicating whether it will be possible to export the key using subtlecrypto.exportkey() or subtlecrypto.wrapkey().
...And 9 more matches
SubtleCrypto.sign() - Web APIs
WebAPISubtleCryptosign
the sign() method of the subtlecrypto interface generates a digital signature.
... you can use the corresponding subtlecrypto.verify() method to verify the signature.
... syntax const signature = crypto.subtle.sign(algorithm, key, data); parameters algorithm is a string or object that specifies the signature algorithm to use and its parameters: to use rsassa-pkcs1-v1_5, pass the string "rsassa-pkcs1-v1_5" or an object of the form { "name": "rsassa-pkcs1-v1_5" }.
...And 9 more matches
SubtleCrypto.deriveBits() - Web APIs
the derivebits() method of the subtlecrypto interface can be used to derive an array of bits from a base key.
... this method is very similar to subtlecrypto.derivekey(), except that derivekey() returns a cryptokey object rather than an arraybuffer.
... syntax const result = crypto.subtle.derivebits( algorithm, basekey, length ); parameters algorithm is an object defining the derivation algorithm to use.
...And 8 more matches
SubtleCrypto.digest() - Web APIs
the digest() method of the subtlecrypto interface generates a digest of the given data.
...cryptographic digests should exhibit collision-resistance, meaning that it's hard to come up with two different inputs that have the same digest value.
... syntax const digest = crypto.subtle.digest(algorithm, data); parameters algorithm is a domstring defining the hash function to use.
...And 8 more matches
SubtleCrypto.encrypt() - Web APIs
c the encrypt() method of the subtlecrypto interface encrypts data.
... syntax const result = crypto.subtle.encrypt(algorithm, key, data); parameters algorithm is an object specifying the algorithm to be used and any extra parameters if required: to use rsa-oaep, pass an rsaoaepparams object.
... key is a cryptokey containing the key to be used for encryption.
...And 8 more matches
CryptoKey - Web APIs
WebAPICryptoKey
the cryptokey interface of the web crypto api represents a cryptographic key obtained from one of the subtlecrypto methods generatekey(), derivekey(), importkey(), or unwrapkey().
... for security reasons, the cryptokey interface can only be used in a secure context.
... properties cryptokey.type string which may take one of the following values: "secret": this key is a secret key for use with a symmetric algorithm.
...And 7 more matches
SubtleCrypto.generateKey() - Web APIs
use the generatekey() method of the subtlecrypto interface to generate a new key (for symmetric algorithms) or key pair (for public-key algorithms).
... syntax const result = crypto.subtle.generatekey(algorithm, extractable, keyusages); parameters algorithm is a dictionary object defining the type of key to generate and providing extra algorithm-specific parameters.
... extractable is a boolean indicating whether it will be possible to export the key using subtlecrypto.exportkey() or subtlecrypto.wrapkey().
...And 7 more matches
Introduction to Public-Key Cryptography - Archive of obsolete content
public-key cryptography and related standards and techniques underlie the security features of many products such as signed and encrypted email, single sign-on, and secure sockets layer (ssl) communications.
... this document introduces the basic concepts of public-key cryptography.
... for an overview of ssl, see "introduction to ssl." for an overview of encryption and decryption, see "encryption and decryption." information on digital signatures is available from "digital signatures." public-key cryptography is a set of well-established techniques and standards for protecting communications from eavesdropping, tampering, and impersonation attacks.
...And 6 more matches
Crypto - Web APIs
WebAPICrypto
the crypto interface represents basic cryptography features available in the current context.
... it allows access to a cryptographically strong random number generator and to cryptographic primitives.
... the web crypto api is accessed through the window.crypto property, which is a crypto object.
...And 6 more matches
SubtleCrypto.decrypt() - Web APIs
the decrypt() method of the subtlecrypto interface decrypts some encrypted data.
... syntax const result = crypto.subtle.decrypt(algorithm, key, data); parameters algorithm is an object specifying the algorithm to be used, and any extra parameters as required.
... key is a cryptokey containing the key to be used for decryption.
...And 5 more matches
SubtleCrypto.verify() - Web APIs
the verify() method of the subtlecrypto interface verifies a digital signature.
... syntax const result = crypto.subtle.verify(algorithm, key, signature, data); parameters algorithm is a domstring or object defining the algorithm to use, and for some algorithm choices, some extra parameters.
... key is a cryptokey containing the key that will be used to verify the signature.
...And 5 more matches
Crypto.getRandomValues() - Web APIs
the crypto.getrandomvalues() method lets you get cryptographically strong random values.
... the array given as the parameter is filled with random numbers (random in its cryptographic meaning).
...the pseudo-random number generator algorithm (prng) may vary across user agents, but is suitable for cryptographic purposes.
...And 4 more matches
CryptoKeyPair - Web APIs
the cryptokeypair dictionary of the web crypto api represents a key pair for an asymmetric cryptography algorithm, also known as a public-key algorithm.
... a cryptokeypair object can be obtained using subtlecrypto.generatekey(), when the selected algorithm is one of the asymmetric algorithms: rsassa-pkcs1-v1_5, rsa-pss, rsa-oaep, ecdsa, or ecdh.
... it contains two properties, which are both cryptokey objects: a privatekey property containing the private key and a publickey property containing the public key.
...And 4 more matches
Web Crypto API - Web APIs
the web crypto api is an interface allowing a script to use cryptographic primitives in order to build systems using cryptography.
... warning: the web crypto api provides a number of low-level cryptographic primitives.
... even assuming you use the basic cryptographic functions correctly, secure key management and overall security system design are extremely hard to get right, and are generally the domain of specialist security experts.
...And 4 more matches
Window.crypto - Web APIs
WebAPIWindowcrypto
the read-only window.crypto property returns the crypto object associated to the global object.
... this object allows web pages access to certain cryptographic related services.
... although the property itself is read-only, all of its methods (and the methods of its child object, subtlecrypto) are not read-only, and therefore vulnerable to attack by polyfill.
...And 4 more matches
nsICryptoHash
netwerk/base/public/nsicryptohash.idlscriptable this interface can be used to compute a cryptographic hash function of some data.
...the values map directly onto the values defined in mozilla/security/nss/lib/cryptohi/hasht.h.
... example computing the hash of a file you can easily compute the hash of a file using nsicryptohash.
...And 3 more matches
NSS cryptographic module
this chapter describes the data types and functions that one can use to perform cryptographic operations with the nss cryptographic module.
... the nss cryptographic module uses the industry standard pkcs #11 v2.20 as its api with some extensions.
... therefore, an application that supports pkcs #11 cryptographic tokens can be easily modified to use the nss cryptographic module.
...And 2 more matches
Cryptography - MDN Web Docs Glossary: Definitions of Web-related terms
cryptography, or cryptology, is the science that studies how to encode and transmit messages securely.
... cryptography designs and studies algorithms used to encode and decode messages in an insecure environment, and their applications.
... more than just data confidentiality, cryptography also tackles identification, authentication, non-repudiation, and data integrity.
... therefore it also studies usage of cryptographic methods in context, cryptosystems.
Cryptographic hash function - MDN Web Docs Glossary: Definitions of Web-related terms
a cryptographic hash function, also sometimes called a digest function, is a cryptographic primitive transforming a message of arbitrary size into a message of fixed size, called a digest.
... cryptographic hash functions are used for authentication, digital signatures, and message authentication codes.
... to be used for cryptography, a hash function must have these qualities: quick to compute (because they are generated frequently) not invertible (each digest could come from a very large number of messages, and only brute-force can generate a message that leads to a given digest) tamper-resistant (any change to a message leads to a different digest) collision-resistant (it should be impossible to find two different messages that produce the same digest) cryptographic hash functions such as md5 and sha-1 are considered broken, as attacks have been found that significantly reduce their collision resistance.
Cryptography functions
the public functions listed here perform cryptographic operations based on the pkcs #11 interface.
..._getmodule mxr 3.3 and later pk11_getmoduleid mxr 3.2 and later pk11_getnextgenericobject mxr 3.9.2 and later pk11_getnextsafe mxr 3.4 and later pk11_getnextsymkey mxr 3.4 and later pk11_getpadmechanism mxr 3.4 and later pk11_getpbecryptomechanism mxr 3.12 and later pk11_getpbeiv mxr 3.6 and later pk11_getpqgparamsfromprivatekey mxr 3.4 and later pk11_getprevgenericobject mxr 3.9.2 and later pk11_getprivatekeynickname mxr 3.4 and later pk11_getprivatemoduluslen mxr 3.2 and later ...
... mxr 3.4 and later pk11_listprivkeysinslot mxr 3.4 and later pk11_listpublickeysinslot mxr 3.4 and later pk11_loadprivkey mxr 3.4 and later pk11_logoutall mxr 3.4 and later pk11_makekeapubkey mxr 3.2 and later pk11_mappbemechanismtocryptomechanism mxr 3.2 and later pk11_mapsignkeytype mxr 3.11 and later pk11_mechanismtoalgtag mxr 3.4 and later pk11_mergetokens mxr 3.12 and later pk11_movesymkey mxr 3.9 and later pk11_needlogin mxr 3.2 and later pk11_needuserinit ...
Crypto.subtle - Web APIs
WebAPICryptosubtle
the crypto.subtle read-only property returns a subtlecrypto which can then be used to perform low-level cryptographic operations.
... syntax var crypto = crypto.subtle; value a subtlecrypto object you can use to interact with the web crypto api's low-level cryptography features.
... specifications specification status comment web cryptography apithe definition of 'crypto.subtle' in that specification.
Public-key cryptography - MDN Web Docs Glossary: Definitions of Web-related terms
public-key cryptography — or asymmetric cryptography — is a cryptographic system in which keys come in pairs.
... commonly used public-key cryptosystems are rsa (for both signing and encryption), dsa (for signing) and diffie-hellman (for key agreement).
Symmetric-key cryptography - MDN Web Docs Glossary: Definitions of Web-related terms
symmetric-key cryptography is a term used for cryptographic algorithms that use the same key for encryption and for decryption.
... this is usually contrasted with public-key cryptography, in which keys are generated in pairs and the transformation made by one key can only be reversed using the other key.
nsILoginManagerCrypto
toolkit/components/passwordmgr/public/nsiloginmanagercrypto.idlscriptable please add a summary to this article.
...if the user is not logged in, performing a crypto operation will result in a master password prompt.
nsICryptoHMAC
netwerk/base/public/nsicryptohmac.idlscriptable this interface provides hmac signature algorithms.
Index
2 an overview of nss internals api, intermediate, intro, nss, tools a high-level overview to the internals of network security services (nss) software developed by the mozilla.org projects traditionally used its own implementation of security protocols and cryptographic algorithms, originally called netscape security services, nowadays called network security services (nss).
... in order to allow interoperability between software and devices that perform cryptographic operations, nss conforms to a standard called pkcs#11.
...this strategy allows nss to work with many hardware devices (e.g., to speed up the calculations required for cryptographic operations, or to access smartcards that securely protect a secret key) and software modules (e.g., to allow to load such modules as a plugin that provides additional algorithms or stores key or trust information) that implement the pkcs#11 interface.
...And 64 more matches
Index - Web APIs
WebAPIIndex
42 aescbcparams api, aescbcparams, dictionary, reference, web crypto api the aescbcparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the aes-cbc algorithm.
... 43 aesctrparams api, aesctrparams, dictionary, reference, web crypto api the aesctrparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the aes-ctr algorithm.
... 44 aesgcmparams api, aesgcmparams, dictionary, reference, web crypto api the aesgcmparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the aes-gcm algorithm.
...And 47 more matches
Index - MDN Web Docs Glossary: Definitions of Web-related terms
35 block cipher mode of operation block cipher mode of operation, cryptography, glossary, security a block cipher mode of operation, usually just called a "mode" in context, specifies how a block cipher should be used to encrypt or decrypt messages that are longer than the block size.
... 68 certificate authority cryptography, glossary, security a certificate authority (ca) is an organization that signs digital certificates and their associated public keys.
... 75 cipher cryptography, glossary, privacy, security in cryptography, a cipher is an algorithm that can encode cleartext to make it unreadable, and to decode it back.
...And 24 more matches
JSS Provider Notes
the mozilla-jss jca provider newsgroup: mozilla.dev.tech.crypto overview this document describes the jca provider shipped with jss.
...it implements cryptographic operations in native code using the nss libraries.
... contents signed jar file installing the provider specifying the cryptotoken supported classes what's not supported signed jar file jss 3.2 implements several jce (java cryptography extension) algorithms.
...And 14 more matches
Mozilla-JSS JCA Provider notes
the mozilla-jss jca provider newsgroup: mozilla.dev.tech.crypto overview this document describes the jca provider shipped with jss.
...it implements cryptographic operations in native code using the nss libraries.
... contents signed jar file installing the provider specifying the cryptotoken supported classes what's not supported signed jar file jss implements several jce (java cryptography extension) algorithms.
...And 14 more matches
NSS Tools modutil
using the security module database (modutil) newsgroup: mozilla.dev.tech.crypto the security module database tool is a command-line utility for managing pkcs #11 module information within secmod.db files or within hardware tokens.
... you can use the tool to add and delete pkcs #11 modules, change passwords, set defaults, list module contents, enable or disable slots, enable or disable fips 140-2 compliance, and assign default providers for cryptographic operations.
...for general installation instructions and to install a module in environments where javascript support is available (as in netscape communicator), see the document using the jar installation manager to install a pkcs #11 cryptographic module.
...And 12 more matches
FIPS Mode - an explanation
one of the fips regulations, fips 140, governs the use of encryption and cryptographic services.
... it requires that all cryptography done by us government personnel must be done in "devices" that have been independently tested, and certified by nist, to meet the extensive requirements of that document.
... so, in order for mozilla firefox and thunderbird to be usable by people who are subject to the fips regulations, mozilla's cryptographic software must be able to operate in a mode that is fully compliant with fips 140.
...And 10 more matches
JSS FAQ
MozillaProjectsNSSJSSJSS FAQ
jss frequently asked questions newsgroup: mozilla.dev.tech.crypto content: what versions of jdk and jce do you suggest?
... how do i convert org.mozilla.jss.crypto.x509certificate to org.mozilla.jss.pkix.cert.certificate?
... how do i convert org.mozilla.jss.pkix.cert to org.mozilla.jss.crypto.x509certificate?
...And 9 more matches
NSS tools : modutil
modutil can add and delete pkcs #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable fips 140-2 compliance, and assign default providers for cryptographic operations.
... modutil -create -dbdir [sql:]directory adding a cryptographic module adding a pkcs #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms.
...for the most basic case, simply upload the library: modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] for example: modutil -dbdir sql:/home/my/sharednssdb -add "example pkcs #11 module" -libfile "/tmp/crypto.so" -mechanisms rsa:dsa:rc2:random using database directory ...
...And 9 more matches
NSS tools : modutil
MozillaProjectsNSStoolsmodutil
modutil can add and delete pkcs #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable fips 140-2 compliance, and assign default providers for cryptographic operations.
... modutil -create -dbdir [sql:]directory adding a cryptographic module adding a pkcs #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms.
...for the most basic case, simply upload the library: modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] for example: modutil -dbdir sql:/home/my/sharednssdb -add "example pkcs #11 module" -libfile "/tmp/crypto.so" -mechanisms rsa:dsa:rc2:random using database directory ...
...And 9 more matches
Overview of NSS
open source crypto libraries proven application security architecture if you want to add support for ssl, s/mime, or other internet security standards to your application, you can use network security services (nss) to implement all your security features.
... nss provides a complete open-source implementation of the crypto libraries used by aol, red hat, google, and other companies in a variety of products, including the following: mozilla products, including firefox, thunderbird, seamonkey, and firefox os.
...rsa standard that governs implementation of public-key cryptography based on the rsa algorithm.
...And 7 more matches
gtstd.html
a pkcs #11 module (also called a cryptographic module) manages cryptographic services such as encryption and decryption via the pkcs #11 interface.
... pkcs #11 modules can be thought of as drivers for cryptographic devices that can be implemented in either hardware or software.
... figure 2.1 illustrates the relationships between nspr, ssl, pkcs #11, and the available cryptographic modules.
...And 7 more matches
Introduction to SSL - Archive of obsolete content
the document assumes that you are familiar with the basic concepts of public-key cryptography, as summarized in "introduction to public-key cryptography." the ssl protocol the transmission control protocol/internet protocol (tcp/ip) governs the transport and routing of data over the internet.
...ssl-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public id are valid and have been issued by a certificate authority (ca) listed in the client's list of trusted cas.
... allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
...And 5 more matches
JSS
MozillaProjectsNSSJSS
nss is the cryptographic module where all cryptographic operations are performed.
...when nss is put in fips mode, jss ensures fips compliance by ensuring that all cryptographic operations are performed by the nss cryptographic module.
... jss is used by red hat and sun products that do crypto in java.
...And 5 more matches
NSS API Guidelines
nss api guidelines newsgroup: mozilla.dev.tech.crypto introduction this document describes how the nss code is organized, the libraries that get built from the nss sources, and guidelines for writing nss code.
...the areas which need the most work (both here and throughout the code) is: the relationship of the certificate library with just about every other component (most noticeably pkcs #12, pkcs #7, and pkcs #11) splitting low key and high key components more clearly the crypto wrappers (pkcs #11 wrappers) and high key pkcs #12 and pkcs #5 libraries nss compiles into the libraries described below.
... same level as ssl lib/crmf cmmf.h, crmf.h, crmft.h, cmmft.h, crmffut.h cryptohi provides high-level cryptographic support operations: such as signing, verifying signatures, key generation, key manipulation, hashing; and data types.
...And 5 more matches
nss tech note5
using nss to perform miscellaneous cryptographic operations nss technical note: 5 nss project info is at http://www.mozilla.org/projects/security/pki/nss/ you can browse the nss source online at http://lxr.mozilla.org/mozilla/source/security/nss/ and http://lxr.mozilla.org/security/ be sure to look for sample code first for things you need to do.
... key bytes */ /* turn the secitem into a key object */ pk11symkey* symkey = pk11_importsymkey(slot, ciphermech, pk11_originunwrap, cka_encrypt, &keyitem, null); if generating the key - see section generate a symmetric key <big>prepare the parameter for crypto context.
... <big>prepare the parameter for crypto context.
...And 5 more matches
PKCS11 FAQ
MozillaProjectsNSSPKCS11FAQ
for information on how to do this, see using the jar installation manager to install a pkcs #11 cryptographic module.
... what are "generic crypto svcs" (the first item listed when you click the view/edit button for the nss internal pkcs #11 module under security devices under options/security in firefox)?
... generic crypto svcs are the services that nss uses to do its basic cryptography (rsa encryption with public keys, hashing, aes, des, rc4, rc2, and so on).other pkcs #11 modules can supply implementations of these functions, and nss uses those versions under certain conditions.
...And 5 more matches
PKCS11 Implement
this document supplements the information in pkcs #11: cryptographic token interface standard, version 2.0 with guidelines for implementors of cryptographic modules who want their products to work with mozilla client software: how nss calls pkcs #11 functions.
...installing modules and informing the user of changes in the cryptographic modules settings.
...how nss calls pkcs #11 functions this section is organized according to the categories used in pkcs #11: cryptographic token interface standard, version 2.0.
...And 5 more matches
NSS tools : signtool
communicator supports the public-key cryptography standard known as pkcs #12, which governs key portability.
... -v archive displays the contents of an archive and verifies the cryptographic integrity of the digital signatures it contains and the files with which they are associated.
... signtool -v testjar.jar using certificate directory: /u/jsmith/.netscape archive "testjar.jar" has passed crypto verification.
...And 5 more matches
Network Security Services
introduction to public-key cryptography explains the basic concepts of public-key cryptography that underlie nss.
... introduction to ssl introduces the ssl protocol, including information about cryptographic ciphers supported by ssl and the steps involved in the ssl handshake.
... sample code demonstrates how nss can be used for cryptographic operations, certificate handling, ssl, etc.
...And 4 more matches
Index - Archive of obsolete content
493 javascript crypto mozilla defines a special javascript object to allow web pages access to certain cryptographic-related services.
...most of these services are available via the dom window object as window.crypto.
... 561 mozilla crypto faq nss, outdated_articles in this document i try to answer some frequently asked questions about the mozilla web browser and mail/news client and its support for ssl, s/mime, and related features based on cryptographic technology.
...And 3 more matches
SSL and TLS - Archive of obsolete content
both of these protocols support using a variety of different cryptographic algorithms, or ciphers, for operations such as authenticating the server and client, transmitting certificates, and establishing session keys.
... key-exchange algorithms like rsa and elliptic curve cryptography (ecc) govern the way the server and client determine the symmetric keys to use during an ssl session.
... as pkis using rsa keys and certificates transition to other cryptographic systems like ecc, servers should continue to support rsa.
...And 3 more matches
An overview of NSS Internals
a high-level overview to the internals of network security services (nss) software developed by the mozilla.org projects traditionally used its own implementation of security protocols and cryptographic algorithms, originally called netscape security services, nowadays called network security services (nss).
... in order to allow interoperability between software and devices that perform cryptographic operations, nss conforms to a standard called pkcs#11.
...this strategy allows nss to work with many hardware devices (e.g., to speed up the calculations required for cryptographic operations, or to access smartcards that securely protect a secret key) and software modules (e.g., to allow to load such modules as a plugin that provides additional algorithms or stores key or trust information) that implement the pkcs#11 interface.
...And 3 more matches
sslfnc.html
therefore, an application cannot use nss to perform any cryptographic operations until after it enables appropriate cipher suites by calling one of the ssl export policy functions: nss_setdomesticpolicy, nss_setexportpolicy, and nss_setfrancepolicy configure the cipher suites for domestic, international, and french versions of software products with encryption features.
...therefore, an application cannot use nss to perform any cryptographic operations until after it enables appropriate cipher suites by calling one of the ssl export policy functions.
...unlike nss_init, nss_nodb_init allows applications that do not have access to storage for databases to run raw crypto, hashing, and certificate functions.
...And 3 more matches
Web Authentication API - Web APIs
the web authentication api is an extension of the credential management api that enables strong authentication with public key cryptography, enabling passwordless authentication and/or secure second-factor authentication without sms texts.
... web authentication concepts and usage the web authentication api (also referred to as webauthn) uses asymmetric (public-key) cryptography instead of passwords or sms texts for registering, authenticating, and second-factor authentication with websites.
... authenticatorresponse the base interface for authenticatorattestationresponse and authenticatorassertionresponse, which provide a cryptographic root of trust for a key pair.
...And 3 more matches
Encryption and Decryption - Archive of obsolete content
a cryptographic algorithm, also called a cipher, is a mathematical function used for encryption or decryption.
... with most modern cryptography, the ability to keep encrypted information secret is based not on the cryptographic algorithm, which is widely known, but on a number called a key that must be used with the algorithm to produce an encrypted result or to decrypt previously encrypted information.
...nevertheless, private-key encryption is useful, because it means you can use your private key to sign data with your digital signature-an important requirement for electronic commerce and other commercial applications of cryptography.
...And 2 more matches
Configuring Build Options
ac_add_options --disable-crypto cryptography is enabled by default.
... in some countries, it may be illegal to use or export cryptographic software.
... you should become familiar with the cryptography laws in your country.
...And 2 more matches
NSS FAQ
MozillaProjectsNSSFAQ
it provides a complete open-source implementation of the crypto libraries used by mozilla and other companies in the firefox browser, aol instant messenger (aim), server products from red hat, and other products.
... openssl is an open source project that implements server-side ssl, tls, and a general-purpose cryptography library.
... what cryptography standards are supported?
...And 2 more matches
NSS_3.12_release_notes.html
nss 3.12 release notes 17 june 2008 newsgroup: mozilla.dev.tech.crypto contents introduction distribution information new in nss 3.12 bugs fixed documentation compatibility feedback introduction network security services (nss) 3.12 is a minor release with the following new features: sqlite-based shareable certificate and key databases libpkix: an rfc 3280 compliant certificate path validation library camellia cipher support tls session ticket extension (rfc 5077) nss 3.12 is tri-licensed under the mpl 1.1/gpl 2.0/lgpl 2.1.
...ert.h) cert_setocsptimeout (see certhigh/ocsp.h) cert_setusepkixforvalidation (see cert.h) cert_pkixverifycert (see cert.h) hash_gettype (see sechash.h) nss_initwithmerge (see nss.h) pk11_createmergelog (see pk11pub.h) pk11_creategenericobject (see pk11pub.h) pk11_createpbev2algorithmid (see pk11pub.h) pk11_destroymergelog (see pk11pub.h) pk11_generatekeypairwithopflags (see pk11pub.h) pk11_getpbecryptomechanism (see pk11pub.h) pk11_isremovable (see pk11pub.h) pk11_mergetokens (see pk11pub.h) pk11_writerawattribute (see pk11pub.h) seckey_ecparamstobasepointorderlen (see keyhi.h) seckey_ecparamstokeysize (see keyhi.h) secmod_deletemoduleex (see secmod.h) sec_getregisteredhttpclient (see ocsp.h) sec_pkcs5isalgorithmpbealgtag (see secpkcs5.h) vfy_createcontextdirect (see cryptohi.h) vfy_createconte...
...xtwithalgorithmid (see cryptohi.h) vfy_verifydatadirect (see cryptohi.h) vfy_verifydatawithalgorithmid (see cryptohi.h) vfy_verifydigestdirect (see cryptohi.h) vfy_verifydigestwithalgorithmid (see cryptohi.h) new macros for camellia support (see blapit.h): nss_camellia nss_camellia_cbc camellia_block_size new macros for rsa (see blapit.h): rsa_max_modulus_bits rsa_max_exponent_bits new macros in certt.h: x.509 v3 ku_encipher_only cert_max_serial_number_bytes cert_max_dn_bytes pkix cert_rev_m_do_not_test_using_this_method cert_rev_m_test_using_this_method cert_rev_m_allow_network_fetching cert_rev_m_forbid_network_fetching cert_rev_m_allow_implicit_default_source cert_rev_m_ignore_implicit_default_source cert_rev_m_skip_test_on_missing_source cert_rev_m_require_info_on_missing_source c...
...And 2 more matches
nss tech note7
rsa key pairs may be generated inside a crypto module (also known as a token).
... use pk11_generatekeypair() to generate a key pair in a crypto module.
... key pairs may be generated elsewhere, exported in encrypted form, and imported into a crypto module.
...And 2 more matches
PKCS #11 Module Specs
sample file: library= name="netscape internal crypto module" parameters="configdir=/u/relyea/.netscape certprefix= secmod=secmod.db" nss="flags=internal,pkcs11module trustorder=1 cipherorder=-1 ciphers= slotparams={0x1=[slotflags='rsa,dsa,dh,rc4,rc2,des,md2,md5,sha1,ssl,tls,publiccerts,random'] 0x2=[slotflags='rsa' askpw=only]}" library=dkck32.dll name="datakey signasure 3600" nss="trustorder=50 ciphers= " library=swft32.dll name="netscape softwa...
... cryptotokendescription override the default label value for the internal crypto token returned in the ck_token_info structure with an internationalize string (utf8).
... cryptoslotdescription override the default slotdescription value for the internal crypto token returned in the ck_slot_info structure with an internationalize string (utf8).
...And 2 more matches
FC_Initialize
description fc_initialize initializes the nss cryptographic module for the fips mode of operation.
...ir='' certprefix='' keyprefix='' secmod='' flags=readonly,nocertdb,nomod db,forceopen,optimizespace " mozilla firefox initializes nss with this string (on windows): "configdir='c:\\documents and settings\\wtc\\application data\\mozilla\\firefox\\profiles\\default.7tt' certprefix='' keyprefix='' secmod='secmod.db' flags=optimizespace manufacturerid='mozilla.org' librarydescription='psm internal crypto services' cryptotokendescription='generic crypto services' dbtokendescription='software security device' cryptoslotdescription='psm internal cryptographic services' dbslotdescription='psm private keys' fipsslotdescription='psm internal fips-140-1 cryptographic services' fipstokendescription='psm fips-140-1 user private key services' minps=0" see pkcs #11 module specs for complete documentation o...
...the nss cryptographic module always uses os locking and doesn't know how to use the lock functions provided by the application.
...And 2 more matches
NSS functions
in addition to the functions listed here, applications that support ssl use some of the certificate functions, crypto functions, and utility functions described below on this page.
...verifycertificatenow cert_verifyocspresponsesignature mxr 3.6 and later cert_verifysigneddata mxr 3.4 and later cert_verifysigneddatawithpublickey mxr 3.7 and later cert_verifysigneddatawithpublickeyinfo mxr 3.7 and later nss_cmpcertchainwcanames mxr 3.2 and later nss_findcertkeatype mxr 3.2 and later cryptography functions the public functions listed here perform cryptographic operations based on the pkcs #11 interface.
..._getmodule mxr 3.3 and later pk11_getmoduleid mxr 3.2 and later pk11_getnextgenericobject mxr 3.9.2 and later pk11_getnextsafe mxr 3.4 and later pk11_getnextsymkey mxr 3.4 and later pk11_getpadmechanism mxr 3.4 and later pk11_getpbecryptomechanism mxr 3.12 and later pk11_getpbeiv mxr 3.6 and later pk11_getpqgparamsfromprivatekey mxr 3.4 and later pk11_getprevgenericobject mxr 3.9.2 and later pk11_getprivatekeynickname mxr 3.4 and later pk11_getprivatemoduluslen mxr 3.2 and later ...
...And 2 more matches
Index
MozillaTechXPCOMIndex
459 nsicryptohmac interfaces, interfaces:scriptable, xpcom, xpcom interface reference hashing algorithms.
... 460 nsicryptohash interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference these constants are used by the init() method to indicate which hashing function to use.
... the values map directly onto the values defined in mozilla/security/nss/lib/cryptohi/hasht.h.
...And 2 more matches
Creating Reusable Modules - Archive of obsolete content
} return path; } hash function firefox has built-in support for hash functions, exposed via the nsicryptohash xpcom interface the documentation page for that interface includes an example of calculating an md5 hash of a file's contents, given its path.
...ce(-2); } function md5file(path) { var f = cc["@mozilla.org/file/local;1"] .createinstance(ci.nsilocalfile); f.initwithpath(path); var istream = cc["@mozilla.org/network/file-input-stream;1"] .createinstance(ci.nsifileinputstream); // open for reading istream.init(f, 0x01, 0444, 0); var ch = cc["@mozilla.org/security/hash;1"] .createinstance(ci.nsicryptohash); // we want to use the md5 algorithm ch.init(ch.md5); // this tells updatefromstream to read the entire file const pr_uint32_max = 0xffffffff; ch.updatefromstream(istream, pr_uint32_max); // pass false here to get binary data back var hash = ch.finish(false); // convert the binary hash data to a hex string.
...ce(-2); } function md5file(path) { var f = cc["@mozilla.org/file/local;1"] .createinstance(ci.nsilocalfile); f.initwithpath(path); var istream = cc["@mozilla.org/network/file-input-stream;1"] .createinstance(ci.nsifileinputstream); // open for reading istream.init(f, 0x01, 0444, 0); var ch = cc["@mozilla.org/security/hash;1"] .createinstance(ci.nsicryptohash); // we want to use the md5 algorithm ch.init(ch.md5); // this tells updatefromstream to read the entire file const pr_uint32_max = 0xffffffff; ch.updatefromstream(istream, pr_uint32_max); // pass false here to get binary data back var hash = ch.finish(false); // convert the binary hash data to a hex string.
...ce(-2); } function md5file(path) { var f = cc["@mozilla.org/file/local;1"] .createinstance(ci.nsilocalfile); f.initwithpath(path); var istream = cc["@mozilla.org/network/file-input-stream;1"] .createinstance(ci.nsifileinputstream); // open for reading istream.init(f, 0x01, 0444, 0); var ch = cc["@mozilla.org/security/hash;1"] .createinstance(ci.nsicryptohash); // we want to use the md5 algorithm ch.init(ch.md5); // this tells updatefromstream to read the entire file const pr_uint32_max = 0xffffffff; ch.updatefromstream(istream, pr_uint32_max); // pass false here to get binary data back var hash = ch.finish(false); // convert the binary hash data to a hex string.
JavaScript Client API - Archive of obsolete content
but, you want to use a derived class, cryptowrapper, which seamlessly encrypts and decrypts records on the client.
...all you have to do is write an object that extends cryptowrapper and maintains a property called cleartext.
... the skeleton of a sample record implementation: function foorecord(collection, id) { cryptowrapper.call(this, collection, id); } foorecord.prototype = { __proto__: cryptowrapper.prototype, _logname: "record.foo", ttl: foo_ttl, // optional get bar() this.cleartext.bar, set bar(value) { this.cleartext.bar = value; }, get baz() this.cleartext.baz, set baz(value) { this.cleartext.baz = value; } }; to save all that typing for declaring the getters and setters, you can also use utils.defergetset: function foorecord(co...
...llection, id) { cryptowrapper.call(this, collection, id); } foorecord.prototype = { __proto__: cryptowrapper.prototype, _logname: "record.foo", ttl: foo_ttl // optional }; utils.defergetset(foorec, "cleartext", ["bar", "baz"]); the store object the store object (which extends store, as defined in services/sync/modules/engines.js) has the job of creating and maintaining a set of record objects from the underlying data.
Archived Mozilla and build documentation - Archive of obsolete content
these 2 objects let you make use of the standard jdk classes, e.g., javascript crypto mozilla defines a special javascript object to allow web pages access to certain cryptographic-related services.
...most of these services are available via the dom window object as window.crypto.
... mozilla application framework the mozilla application framework: for powerful, easy to develop cross-platform applications mozilla crypto faq in this document i try to answer some frequently asked questions about the mozilla web browser and mail/news client and its support for ssl, s/mime, and related features based on cryptographic technology.
...if you wish to develop and distribute cryptographic software, particularly for commercial sale or distribution, then you should consult an attorney with expertise in the particular laws and regulations that apply in your jurisdiction.
TCP/IP Security - Archive of obsolete content
designing a cryptographically sound application protocol is very difficult, and implementing it properly is even more challenging, so creating new application layer security controls is likely to create vulnerabilities.
... data link layer controls for dedicated circuits are most often provided by specialized hardware devices known as data link encryptors; data link layer controls for other types of connections, such as dial-up modem communications, are usually provided through software.
... this is accomplished by encrypting data using a cryptographic algorithm and a secret key—a value known only to the two parties exchanging data.
... the integrity of data can be assured by generating a message authentication code (mac) value, which is a keyed cryptographic checksum of the data.
Random Number Generator - MDN Web Docs Glossary: Definitions of Web-related terms
a cryptographically secure prng is a prng with certain extra properties making it suitable for use in cryptography.
... most prngs are not cryptographically secure.
...note that this is not a cryptographically secure prng.
... crypto.getrandomvalues(): this is intended to provide cryptographically secure numbers.
MDN Web Docs Glossary: Definitions of Web-related terms
time computer programming conditional constant constructor continuous media control flow cookie copyleft cors cors-safelisted request header cors-safelisted response header crawler crlf cross axis cross-site scripting crud cryptanalysis cryptographic hash function cryptography csp csrf css css object model (cssom) css pixel css preprocessor d data structure decryption delta denial of service descriptor (css) deserialization developer tools dhtml digest digital certifica...
... primitive privileged privileged code progressive enhancement progressive web apps promise property property (css) property (javascript) protocol prototype prototype-based programming proxy server pseudo-class pseudo-element pseudocode public-key cryptography python q quality values quaternion quic r rail random number generator raster image rdf real user monitoring (rum) recursion reference reflow regular expression rendering engine repo reporting directive reque...
...tion) specification speculative parsing speed index sql sql injection sri stacking context state machine statement static method static typing strict mode string stun style origin stylesheet svg svn symbol symmetric-key cryptography synchronous syntax syntax error synthetic monitoring t tag tcp tcp handshake tcp slow start telnet texel thread three js time to first byte time to interactive tld tofu transmission control protocol (tcp) transport ...
... whitespace world wide web wrapper x xforms xhr (xmlhttprequest) xhtml xinclude xlink xml xpath xquery xslt other 404 502 alpn at-rule attack byte-order mark character set client cryptosystem debug digital signature execution flex-direction glsl interface library memory management routers self-executing anonymous function stylesheet vector image ...
Using JSS
MozillaProjectsNSSJSSUsing JSS
using jss newsgroup: mozilla.dev.tech.crypto if you have already built jss, or if you are planning to use a binary release of jss, here's how to get jss working with your code.
... nspr and nss shared libraries jss uses the nspr and nss libraries for i/o and crypto.
... jss dependencies core library name description binary release location nspr4 nspr os abstraction layer http://ftp.mozilla.org/pub/mozilla.org/nspr/releases plc4 nspr standard c library replacement functions plds4 nspr data structure types nss3 nss crypto, pkcs #11, and utilities http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases ssl3 nss ssl library smime3 nss s/mime functions and types nssckbi pkcs #11 module containing built-in root ca certificates.
... initialize jss in your application before calling any jss methods, you must initialize jss by calling one of the cryptomanager.initialize methods.
sample2
*/ /* nspr headers */ #include <prthread.h> #include <plgetopt.h> #include <prerror.h> #include <prinit.h> #include <prlog.h> #include <prtypes.h> #include <plstr.h> /* nss headers */ #include <cryptohi.h> #include <keyhi.h> #include <pk11priv.h> #include <cert.h> #include <base64.h> #include <secerr.h> #include <secport.h> #include <secoid.h> #include <secmodt.h> #include <secoidt.h> #include <sechash.h> /* our samples utilities */ #include "util.h" /* constants */ #define blocksize 32 #define modblocksize 128 #define default_key_bits 1024 /* header file constants */ #define enckey_header "--...
...(nb = pr_read(infile, ibuf, sizeof(ibuf))) > 0) { rv = vfy_update(vfy, ibuf, nb); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_update\n"); goto cleanup; } } rv = vfy_end(vfy); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_end\n"); goto cleanup; } cleanup: if (infile) { pr_close(infile); } if (vfy) { vfy_destroycontext(vfy, pr_true); } return rv; } /* * write cryptographic parameters to header file */ secstatus writetoheaderfile(const char *buf, unsigned int len, headertype type, prfiledesc *outfile) { secstatus rv; const char *header; const char *trailer; switch (type) { case symkey: header = enckey_header; trailer = enckey_trailer; break; case mackey: header = mackey_header; trailer = mackey_trailer; break; case iv: header = iv_header; trailer = iv_trailer...
...eader; trailer = ns_sig_trailer; break; case lab: header = lab_header; trailer = lab_trailer; pr_fprintf(outfile, "%s\n", header); pr_fprintf(outfile, "%s\n", buf); pr_fprintf(outfile, "%s\n\n", trailer); return secsuccess; break; default: return secfailure; } pr_fprintf(outfile, "%s\n", header); printashex(outfile, buf, len); pr_fprintf(outfile, "%s\n\n", trailer); return secsuccess; } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv = secsuccess; prfiledesc* file = null; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char *header; char *trailer; outbuf.type = sibuffer; file = pr_open(filename, pr_rdonly, 0); if (!file) { pr_fprintf(pr_std...
...ename></ipfilename></headerfilename></ipfilename></headerfilename></encryptfilename></ipfilename></headerfilename></headerfilename></nickname></serialnumber></issuernickname></csr></cert></trust></nickname></csr></subject></noisefilename></dbpwdfile></dbpwd></dbdirpath></g|a|h|e|ds|v></sechash.h></secoidt.h></secmodt.h></secoid.h></secport.h></secerr.h></base64.h></cert.h></pk11priv.h></keyhi.h></cryptohi.h></plstr.h></prtypes.h></prlog.h></prinit.h></prerror.h></plgetopt.h></prthread.h> ...
FC_GetInfo
on return, the ck_info structure that pinfo points to has the following information: cryptokiversion: pkcs #11 interface version number implemented by the pkcs #11 library.
... librarydescription: description of the library, "nss internal crypto services", padded with spaces to 32 characters and not null-terminated.
...fc_getinfo should return ckr_cryptoki_not_initialized if the library is not initialized.
... /* invoke fc_getinfo as pfunctionlist->c_getinfo */ crv = pfunctionlist->c_getinfo(&info); assert(crv == ckr_ok); printf("general information about the pkcs #11 library:\n"); printf(" pkcs #11 version: %d.%d\n", (int)info.cryptokiversion.major, (int)info.cryptokiversion.minor); printf(" manufacturer id: %.32s\n", info.manufacturerid); printf(" flags: 0x%08lx\n", info.flags); printf(" library description: %.32s\n", info.librarydescription); printf(" library version: %d.%d\n", (int)info.libraryversion.major, (int)info.libraryversion.minor); printf("\n"); see also nsc_getinfo ...
NSS environment variables
3.11.8 nss_enable_audit boolean (1 to enable) enable auditing of activities of the nss cryptographic module in fips mode.
... 3.4 nss_strict_nofork string ("1", "disabled", or any other non-empty value) it is an error to try to use a pkcs#11 crypto module in a process before it has been initialized in that process, even if the module was initialized in the parent process.
... 3.12.6 nss_disable_ecc (deprecated) boolean (1 to disable) disable elliptic curve cryptography features.
... 3.16 nss_enable_ecc (deprecated) boolean (1 to enable) enable building of code that uses elliptic curve cryptography.
sslerr.html
ssl_error_token_insertion_removal -12205 "pkcs #11 token was inserted or removed while operation was in progress." a cryptographic operation required to complete the handshake failed because the token that was performing it was removed while the handshake was underway.
... ssl_error_token_slot_not_found -12204 "no pkcs#11 token could be found to do a required operation." a cryptographic operation required a pkcs#11 token with specific abilities, and no token could be found in any slot, including the "soft token" in the internal virtual slot, that could do the job.
...on a server socket, indicates a failure of one of the following: (a) to unwrap the pre-master secret from the clientkeyexchange message, (b) to derive the master secret from the premaster secret, (c) to derive the mac secrets, cryptographic keys, and initialization vectors from the master secret.
... ssl_error_decompression_failure -12177 "ssl received a compressed record that could not be decompressed." sec error codes table 8.2 security error codes defined in secerr.h constant value description sec_error_io -8192 an i/o error occurred during authentication; or an error occurred during crypto operation (other than signature verification).
AesCbcParams - Web APIs
the aescbcparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the aes-cbc algorithm.
...must be 16 bytes, unpredictable, and preferably cryptographically random.
... examples see the examples for subtlecrypto.encrypt() and subtlecrypto.decrypt().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.aescbcparams' in that specification.
AesGcmParams - Web APIs
the aesgcmparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the aes-gcm algorithm.
... according to the web crypto specification this must have one of the following values: 32, 64, 96, 104, 112, 120, or 128.
... examples see the examples for subtlecrypto.encrypt() and subtlecrypto.decrypt().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.aesgcmparams' in that specification.
EcdhKeyDeriveParams - Web APIs
the ecdhkeyderiveparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.derivekey(), when using the ecdh algorithm.
... public a cryptokey object representing the public key of the other entity.
... examples see the examples for subtlecrypto.derivekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.ecdhkeyderiveparams' in that specification.
Pbkdf2Params - Web APIs
the pbkdf2params dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.derivekey(), when using the pbkdf2 algorithm.
...this may be one of: sha-1 sha-256 sha-384 sha-512 warning: sha-1 is considered vulnerable in most cryptographic applications, but is still considered safe in pbkdf2.
... examples see the examples for subtlecrypto.derivekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.pbkdf2params' in that specification.
Subresource Integrity - Web security
it works by allowing you to provide a cryptographic hash that a fetched resource must match.
... using subresource integrity you use the subresource integrity feature by specifying a base64-encoded cryptographic hash of a resource (file) you’re telling the browser to fetch, in the value of the integrity attribute of any <script> or <link> element.
... note: an integrity value's "hash" part is, strictly speaking, a cryptographic digest formed by applying a particular hash function to some input (for example, a script or stylesheet file).
... but it’s common to use the shorthand "hash" to mean cryptographic digest, so that's what's used in this article.
Web security
newly issued certificates are 'logged' to publicly run, often independent ct logs which maintain an append-only, cryptographically assured record of issued tls certificates.
...it works by allowing you to provide a cryptographic hash that a fetched resource must match.
... security-related glossary terms block cipher mode of operation certificate authority challenge-response authentication cipher cipher suite ciphertext cors cors-safelisted request header cors-safelisted response header cross-site scripting cryptanalysis cryptographic hash function cryptography csp csrf decryption digital certificate dtls encryption forbidden header name forbidden response header name hash hmac hpkp hsts https key mitm owasp preflight request public-key cryptography reporting directive robots.txt same-origi...
...n policy session hijacking sql injection symmetric-key cryptography tofu tls ...
Index of archived content - Archive of obsolete content
viewer creating a help content pack helper apps (and a bit of save as) hidden prefs how to write and land nanojit patches io guide/directory keys introducing the audio api extension isp data java in firefox extensions javascript os.shared javascript crypto crmf request object generatecrmfrequest() importusercertificates popchallengeresponse jetpack basics content page modifications extenders jetpack snippets ...
... microsummary topics microsummary xml grammar reference migrate apps from internet explorer to mozilla modularization techniques monitoring downloads mozilla application framework mozilla application framework in detail mozilla crypto faq mozprocess mozprofile mozrunner nsc_setpin nanojit lir new security model for web services new skin notes overview of how downloads work plug-n-hack plug-n-hack get involved plug-n-hack phase1 ...
...est cases shipping a plugin as a toolkit bundle supporting private browsing in plugins the first install problem writing a plugin for mac os x xembed extension for mozilla plugins sax security digital signatures encryption and decryption introduction to public-key cryptography introduction to ssl nspr release engineering guide ssl and tls solaris 10 build prerequisites sunbird theme tutorial table reflow internals tamarin tracing build documentation the basics of web services themes building a theme common firefox theme issues a...
Visual typescript game engine - Game development
main dependency file // symbolic for now const plarformergameinfo = { name: "crypto-runner", title: "play platformer crypto runner!", }; // symbolic for now const gameslist: any[] = [ plarformergameinfo, ]; const master = new ioc(gameslist); const appicon: appicon = new appicon(master.get.browser); master.singlton(platformer, master.get.starter); console.log("platformer: ", master.get.platformer); master.get.platformer.attachappevents(); project structure builds/ is a...
... https://www.npmjs.com/package/@types/matter-js crypto icons downloaded from https://www.behance.net/junikstudio todo list for 2019 i'm still far away from the project objective : make visual nodes for editor mode in gameplay.
... item's selling for crypto values.
Decryption - MDN Web Docs Glossary: Definitions of Web-related terms
in cryptography, decryption is the conversion of ciphertext into cleartext.
... decryption is a cryptographic primitive: it transforms a ciphertext message into plaintext using a cryptographic algorithm called a cipher.
...how hard depends on the security of the cryptographic algorithm chosen and evolves with the progress of cryptanalysis.
Encryption - MDN Web Docs Glossary: Definitions of Web-related terms
in cryptography, encryption is the conversion of cleartext into a coded text or ciphertext.
... encryption is a cryptographic primitive: it transforms a plaintext message into a ciphertext using a cryptographic algorithm called a cipher.
...how hard depends on the security of the cryptographic algorithm chosen and evolves with the progress of cryptanalysis.
Key - MDN Web Docs Glossary: Definitions of Web-related terms
encrypted messages should remain secure even if everything about the cryptosystem, except for the key, is public knowledge.
... in symmetric-key cryptography, the same key is used for both encryption and decryption.
... in public-key cryptography, there exists a pair of related keys known as the public key and private key.
McCoy
the cryptographic keys and other mccoy data are kept in a profile folder separate from the application so you can uninstall and reinstall without losing your precious keys.
...this is in the form of the public part of a cryptographic key included in the original add-on you release.
... the first step is to create a cryptographic key.
NSS 3.16.1 release notes
nss 3.16.1 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_16_1_rtm/src/ new in nss 3.16.1 new functionality added the "ecc" flag for modutil to select the module used for elliptic curve cryptography (ecc) operations.
... new macros in secmod.h public_mech_ecc_flag - a public mechanism flag for elliptic curve cryptography (ecc) operations.
... in utilmodt.h secmod_ecc_flag - an nss-internal mechanism flag for elliptic curve cryptography (ecc) operations.
NSS tools : pk12util
v2 pbe with sha1 and 3key triple des-cbc o pkcs12 v2 pbe with sha1 and 2key triple des-cbc o pkcs12 v2 pbe with sha1 and 128 bit rc2 cbc o pkcs12 v2 pbe with sha1 and 40 bit rc2 cbc pkcs#5 pbe ciphers o pkcs #5 password based encryption with md2 and des cbc o pkcs #5 password based encryption with md5 and des cbc o pkcs #5 password based encryption with sha1 and des cbc with pkcs#12, the crypto provider may be the soft token module or an external hardware module.
... if the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default).
... mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, sun, oracle, mozilla, and google.
NSS reference
pkcs #11 functions based on pkcs #11 functions in the ssl reference and "crypto functions" in nss public functions.
... pkcs #7 functions based on "archived pkcs #7 functions documentation." pkcs #5 functions password-based encryption sec_pkcs5getiv sec_pkcs5createalgorithmid sec_pkcs5getcryptoalgorithm sec_pkcs5getkeylength sec_pkcs5getpbealgorithm sec_pkcs5isalgorithmpbealg pkcs #12 functions based on "archived pkcs #12 functions documentation." used to exchange data such as private keys and certificates between two parties.
... nss environment variables nss cryptographic module nss tech notes nss tech notes nss memory allocation tools based on nss tools documentation.
NSS Tools
nss security tools newsgroup: mozilla.dev.tech.crypto overview the nss security tools allow developers to test, debug, and manage applications that use nss.
... if you have feedback or questions, please feel free to post to mozilla.dev.tech.crypto.
...add modules and modify the properties of existing modules (such as whether a module is the default provider of some crypto service).
NSS_3.12.3_release_notes.html
nss 3.12.3 release notes 2009-04-01 newsgroup: mozilla.dev.tech.crypto contents introduction distribution information new in nss 3.12.3 bugs fixed documentation compatibility feedback introduction network security services (nss) 3.12.3 is a patch release for nss 3.12.
... new in nss 3.12.3 changes in behavior: in the development of nss 3.12.3, it became necessary to change some old library behaviors due to the discovery of certain vulnerabilities in the old behaviors, and to correct some errors that had limited nss's ability to interoperate with cryptographic hardware and software from other sources.
... nss_strict_nofork string ("1", "disabled", or any other non-empty value) it is an error to try to use a pkcs#11 crypto module in a process before it has been initialized in that process, even if the module was initialized in the parent process.
NSS Tools pk12util
using the pkcs #12 tool (pk12util) newsgroup: mozilla.dev.tech.crypto the pkcs #12 utility makes sharing of certificates among enterprise server 3.x and any server (netscape products or non-netscape products) that supports pkcs#12 possible.
... and 3key triple des-cbc" "pkcs12 v2 pbe with sha1 and 2key triple des-cbc" "pkcs12 v2 pbe with sha1 and 128 bit rc2 cbc" "pkcs12 v2 pbe with sha1 and 40 bit rc2 cbc" pkcs #5 pbe ciphers: "pkcs #5 password based encryption with md2 and des cbc" "pkcs #5 password based encryption with md5 and des cbc" "pkcs #5 password based encryption with sha1 and des cbc" it should be noted that the the crypto provider may be the softtoken module or an external hardware module.
... it may be the case that the cryptographic module does not support the requested algorithm and a best fit will be selected, likely to be the default.
certutil
internal slot 1 is used by cryptographic services.
... $ certutil -u -d sql:/home/my/sharednssdb slot: nss user private key and certificate services token: nss certificate db slot: nss internal cryptographic services token: nss generic crypto services adding certificates to the database existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere.
... mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, and sun.
NSS tools : pk12util
d 2key triple des-cbc o pkcs12 v2 pbe with sha1 and 128 bit rc2 cbc o pkcs12 v2 pbe with sha1 and 40 bit rc2 cbc pkcs#5 pbe ciphers pkcs #5 password based encryption with md2 and des cbc o pkcs #5 password based encryption with md5 and des cbc o pkcs #5 password based encryption with sha1 and des cbc with pkcs#12, the crypto provider may be the soft token module or an external hardware module.
... if the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default).
... mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, and sun.
AesCtrParams - Web APIs
the aesctrparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the aes-ctr algorithm.
... examples see the examples for subtlecrypto.encrypt() and subtlecrypto.decrypt().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.aesctrparams' in that specification.
AesKeyGenParams - Web APIs
the aeskeygenparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.generatekey(), when generating an aes key: that is, when the algorithm is identified as any of aes-cbc, aes-ctr, aes-gcm, or aes-kw.
... examples see the examples for subtlecrypto.generatekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.aeskeygenparams' in that specification.
EcKeyGenParams - Web APIs
the eckeygenparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.generatekey(), when generating any elliptic-curve-based key pair: that is, when the algorithm is identified as either of ecdsa or ecdh.
...this may be any of the following names for nist-approved curves: p-256 p-384 p-521 examples see the examples for subtlecrypto.generatekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.eckeygenparams' in that specification.
EcKeyImportParams - Web APIs
the eckeyimportparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.importkey() or subtlecrypto.unwrapkey(), when generating any elliptic-curve-based key pair: that is, when the algorithm is identified as either of ecdsa or ecdh.
...this may be any of the following names for nist-approved curves: p-256 p-384 p-521 examples see the examples for subtlecrypto.importkey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.eckeyimportparams' in that specification.
EcdsaParams - Web APIs
the ecdsaparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.sign() or subtlecrypto.verify() when using the ecdsa algorithm.
... examples see the examples for subtlecrypto.sign() or subtlecrypto.verify().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.ecdsaparams' in that specification.
HkdfParams - Web APIs
the hkdfparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.derivekey(), when using the hkdf algorithm.
... examples see the examples for subtlecrypto.derivekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.hkdfparams' in that specification.
HmacImportParams - Web APIs
the hmacimportparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.importkey() or subtlecrypto.unwrapkey(), when generating a key for the hmac algorithm.
... examples see the examples for subtlecrypto.importkey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.hmacimportparams' in that specification.
HmacKeyGenParams - Web APIs
the hmackeygenparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.generatekey(), when generating a key for the hmac algorithm.
... examples see the examples for subtlecrypto.generatekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.hmackeygenparams' in that specification.
PublicKeyCredentialCreationOptions - Web APIs
publickeycredentialcreationoptions.challenge a buffersource, emitted by the relying party's server and used as a cryptographic challenge.
... publickeycredentialcreationoptions.pubkeycredparams an array of element which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations.
...mples // some examples of cose algorithms const cose_alg_ecdsa_w_sha256 = -7; const cose_alg_ecdsa_w_sha512 = -36; var createcredentialoptions = { // format of new credentials is publickey publickey: { // relying party rp: { name: "example corp", id: "login.example.com", icon: "https://login.example.com/login.ico" }, // cryptographic challenge from the server challenge: new uint8array(26), // user user: { id: new uint8array(16), name: "john.p.smith@example.com", displayname: "john p.
RsaHashedImportParams - Web APIs
the rsahashedimportparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.importkey() or subtlecrypto.unwrapkey(), when importing any rsa-based key pair: that is, when the algorithm is identified as any of rsassa-pkcs1-v1_5, rsa-pss, or rsa-oaep.
... examples see the examples for subtlecrypto.importkey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.rsahashedimportparams' in that specification.
RsaHashedKeyGenParams - Web APIs
the rsahashedkeygenparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.generatekey(), when generating any rsa-based key pair: that is, when the algorithm is identified as any of rsassa-pkcs1-v1_5, rsa-pss, or rsa-oaep.
... examples see the examples for subtlecrypto.generatekey().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.rsahashedkeygenparams' in that specification.
RsaOaepParams - Web APIs
the rsaoaepparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the rsa_oaep algorithm.
... examples see the examples for subtlecrypto.encrypt() and subtlecrypto.decrypt().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.rsaoaepparams' in that specification.
RsaPssParams - Web APIs
the rsapssparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.sign() or subtlecrypto.verify(), when using the rsa-pss algorithm.
... examples see the examples for subtlecrypto.sign() and subtlecrypto.verify().
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.rsapssparams' in that specification.
Web APIs
WebAPI
timingnetwork information api ppage visibility apipayment request apiperformance apiperformance timeline apipermissions apipointer eventspointer lock apiproximity events push api rresize observer apiresource timing apisserver sent eventsservice workers apistoragestorage access apistreams ttouch eventsuurl apivvibration apivisual viewport wweb animationsweb audio apiweb authentication apiweb crypto apiweb notificationsweb storage apiweb workers apiwebglwebrtcwebvttwebxr device apiwebsockets api interfaces this is a list of all the interfaces (that is, types of objects) that are available.
...deringcontext2d caretposition channelmergernode channelsplitternode characterdata childnode client clients clipboard clipboardevent clipboarditem closeevent comment compositionevent constantsourcenode constrainboolean constraindomstring constraindouble constrainulong contentindex contentindexevent convolvernode countqueuingstrategy crashreportbody credential credentialscontainer crypto cryptokey cryptokeypair customelementregistry customevent d domconfiguration domerror domexception domhighrestimestamp domimplementation domimplementationlist domlocator dommatrix dommatrixreadonly domobject domparser dompoint dompointinit dompointreadonly domquad domrect domrectreadonly domstring domstringlist domstringmap domtimestamp domtokenlist domuserdata datatransfer dat...
...ionerrorevent speechrecognitionevent speechrecognitionresult speechrecognitionresultlist speechsynthesis speechsynthesiserrorevent speechsynthesisevent speechsynthesisutterance speechsynthesisvoice staticrange stereopannernode storage storageestimate storageevent storagemanager storagequota stylepropertymap stylepropertymapreadonly stylesheet stylesheetlist submitevent subtlecrypto syncevent syncmanager t taskattributiontiming text textdecoder textencoder textmetrics textrange texttrack texttrackcue texttracklist timeevent timeranges touch touchevent touchlist trackdefault trackdefaultlist trackevent transferable transformstream transitionevent treewalker typeinfo u uievent ulongrange url urlsearchparams urlutilsreadonly usb usbalternateinterface usb...
Installing Extensions and Themes From Web Pages - Archive of obsolete content
hash the hash property specifies a cryptographic hash of the xpi file contents.
...you can use any hash function supported by nsicryptohash.
Code snippets - Archive of obsolete content
tially corrupt a server components.utils.import("resource://services-sync/main.js"); components.utils.import("resource://services-sync/resource.js"); function deletepath(path) { let resource = new resource(weave.service.storageurl + path); resource.setheader("x-confirm-delete", "1"); return resource.delete(); } // delete meta/global: deletepath("meta/global"); // delete keys: deletepath("crypto/keys"); // delete server: deletepath(""); corrupt a single engine on the server let engine = "bookmarks"; components.utils.import("resource://services-sync/main.js"); components.utils.import("resource://services-sync/resource.js"); components.utils.import("resource://services-sync/util.js"); let r = new resource(weave.service.storageurl + "meta/global"); let g = r.get(); let envelope = json.par...
...bal"); r.put(g); delete and restore a record components.utils.import("resource://services-sync/main.js"); components.utils.import("resource://services-sync/resource.js"); components.utils.import("resource://services-sync/record.js"); // for example: let id = "iasokuozpixz" let collection = "bookmarks"; let resource = new resource(weave.service.storageurl + collection + "/" + id); let del = new cryptowrapper(collection, id); del.deleted = true; del.encrypt(); // save the old value.
generateCRMFRequest() - Archive of obsolete content
use <keygen> or the future web crypto api instead.
... crmfobject = crypto.generatecrmfrequest("requesteddn", "regtoken", "authenticator", "escrowauthoritycert", "crmf generation done code", keysize1, "keyparams1", "keygenalg1", ..., keysizen, "keyparamsn", "keygenalgn"); this method will generate a sequence of crmf requests that has n requests.
importUserCertificates - Archive of obsolete content
use <keygen> or the future web crypto api instead.
... resultstring = crypto.importusercertificates("nicknamestring","certstring",forcebackup); argument description "nicknamestring" this is the nickname that will be used to describe the certificate in the client's certificate management ui.
popChallengeResponse - Archive of obsolete content
use <keygen> or the future web crypto api instead.
... resultstring = crypto.popchallengeresponse("challengestring"); argument description "challengestring" a base-64 encoded cmmf popodeckeychallcontent message.
Tamarin build documentation - Archive of obsolete content
- in a terminal window change to your /openssl folder and run make build_libs to create the necessary 'libcrypto.a' and 'libssl.a' static libraries.
...the necessary static files 'libcrypto.a' and 'libssl.a' are made correctly and are present in the /openssl folder.
2006-11-03 - Archive of obsolete content
or directory (build problem on winxp) november 2nd: kenoa complained that when he is compiling using cygwin on win32 he gets the following error no such file or directory1: /cygdrive/c/mozilla/mail/config/mozconfig client.mk:339: /cygdrive/c/mozilla/.mozconfig.mk: no such file or directory he claims that the file ".mozconfig" exists in /cygdrive/c/mozilla/mail/config/mozconfig the disable-crypto cause problem originally posted on november 2nd: gxk is building minimo using the code base from sept.
... when he builds using the disable.crypto option he encounters the following problem: no rule to make target `../../dist/lib/components/libpipboot.a', needed by `minimo'.
Digital Signatures - Archive of obsolete content
this section describes how public-key cryptography addresses the problem of tampering.
...for a discussion of the way this works, see "introduction to public-key cryptography." the significance of a digital signature is comparable to the significance of a handwritten signature.
Security - Archive of obsolete content
decryption is the process of transforming encrypted information so that it is intelligible again.introduction to public-key cryptographypublic-key cryptography and related standards and techniques underlie the security features of many products such as signed and encrypted email, single sign-on, and secure sockets layer (ssl) communications.
... this document introduces the basic concepts of public-key cryptography.
Cipher - MDN Web Docs Glossary: Definitions of Web-related terms
in cryptography, a cipher is an algorithm that can encode cleartext to make it unreadable, and to decode it back.
... ciphers were common long before the information age (e.g., substitution ciphers, transposition ciphers, and permutation ciphers), but none of them were cryptographically secure except for the one-time pad.
HMAC - MDN Web Docs Glossary: Definitions of Web-related terms
hmac is a protocol used for cryptographically authenticating messages.
... it can use any kind of cryptographic functions, and its strengh depends on the underlying function (sha1 or md5 for instance), and the chosen secret key.
PR_GetRandomNoise
pr_getrandomnoise is intended to provide a "seed" value for a another random number generator that may be suitable for cryptographic operations.
... this implies that the random value provided may not be, by itself, cryptographically secure.
Getting Started With NSS
how to get involved with nss network security services (nss) is a base library for cryptographic algorithms and secure network protocols used by mozilla software.
...you can find us on mozilla irc in channel #nss or you could ask your questions on the mozilla.dev.tech.crypto newsgroup.
Introduction to Network Security Services
the nss library supports core crypto operations.
... what you should already know before using nss, you should be familiar with the following topics: concepts and techniques of public-key cryptography the secure sockets layer (ssl) protocol the pkcs #11 standard for cryptographic token interfaces cross-platform development issues and techniques where to find more information for information about pki and ssl that you should understand before using nss, see the following: introduction to public-key cryptography introduction to ssl for links to api documentation, build instruct...
4.3.1 Release Notes
to obtain the version info from the jar file use, "system.out.println(org.mozilla.jss.cryptomanager.jar_jss_version)" and to check the shared library: strings libjss4.so | grep -i header feedback bugs discovered should be reported by filing a bug report with bugzilla.
... you can also give feedback directly to the developers on the mozilla cryptography forums...
4.3 Release Notes
to obtain the version info from the jar file use, "system.out.println(org.mozilla.jss.cryptomanager.jar_jss_version)" and to check the shared library: strings libjss4.so | grep -i header feedback bugs discovered should be reported by filing a bug report with bugzilla.
... you can also give feedback directly to the developers on the mozilla cryptography forums...
NSS 3.12.4 release notes
<center> 2009-08-20 </center> <center>newsgroup: mozilla.dev.tech.crypto</center> introduction network security services (nss) 3.12.4 is a patch release for nss 3.12.
...bug 488550: crash in certutil or pp when printing cert with empty subject name bug 488992: fix lib/freebl/win_rand.c warnings bug 489010: stop exporting mktemp and dbopen (again) bug 489287: resolve a few remaining issues with nss's new revocation flags bug 489710: byteswap optimize for msvc++ bug 490154: cryptokey framework requires module to implement generatekey when they support keypairgeneration bug 491044: remove support for vms (a.k.a., openvms) from nss bug 491174: cert_pkixverifycert reports wrong error code when ee cert is expired bug 491919: cert.h doesn't have valid functions prototypes bug 492131: a failure to import a cert from a p12 file leaves error code set to zero bug 492385: crash free...
NSS 3.12.5 release_notes
nss 3.12.5 release notes 2009-12-02 newsgroup: mozilla.dev.tech.crypto introduction network security services (nss) 3.12.5 is a patch release for nss 3.12.
... see the following struct in nss.h for details: nssinitparametersstr other new functions in secmod.h: secmod_getskipfirstflag secmod_getdefaultmoddbflag in prlink.h nss_securememcmp port_loadlibraryfromorigin modified functions sgn_update (see cryptohi.h) the parameter "input" of this function is changed from unsigned char * to const unsigned char *.
NSS 3.14.3 release notes
this attack is mitigated when using nss 3.14.3 with an nss cryptographic module ("softoken") version 3.14.3 or later.
... however, this attack is only partially mitigated if nss 3.14.3 is used with the current fips validated nss cryptographic module, version 3.12.9.1.
NSS 3.19.2 release notes
notable changes in nss 3.19.2 bug 1172128 - in nss 3.19.1, the minimum key sizes that the freebl cryptographic implementation (part of the softoken cryptographic module used by default by nss) was willing to generate or use was increased - for rsa keys, to 512 bits, and for dh keys, 1023 bits.
...consumers of nss are strongly encouraged to migrate to stronger cryptographic strengths as soon as possible.
NSS 3.31 release notes
notable changes in nss 3.31 the apis that set a tls version range have been changed to trim the requested range to the overlap with a systemwide crypto policy, if configured.
... previously, ssl_versionrangeset and ssl_versionrangesetdefault returned a failure if the requested version range wasn't fully allowed by the systemwide crypto policy.
NSS 3.54 release notes
use arm cryptography extension for sha256, when available.
... bugs fixed in nss 3.54 bug 1528113 - use arm cryptography extension for sha256.
NSS 3.55 release notes
notable changes in nss 3.55 p384 and p521 elliptic curve implementations are replaced with verifiable implementations from fiat-crypto and ecckiila.
... bugs fixed in nss 3.55 bug 1631583 (cve-2020-6829, cve-2020-12400) - replace p384 and p521 with new, verifiable implementations from fiat-crypto and ecckiila.
Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR
_fprintf(pr_stderr, "problem while vfy_update\n"); goto cleanup; } } rv = vfy_end(vfy); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_end\n"); goto cleanup; } cleanup: if (infile) { pr_close(infile); } if (vfy) { vfy_destroycontext(vfy, pr_true); } return rv; } /* * write cryptographic parameters to header file */ secstatus writetoheaderfile(const char *buf, unsigned int len, headertype type, prfiledesc *outfile) { secstatus rv; const char *header; const char *trailer; switch (type) { case symkey: header = enckey_header; trailer = enckey_trailer; break; case mackey: heade...
...iler; pr_fprintf(outfile, "%s\n", header); pr_fprintf(outfile, "%s\n", buf); pr_fprintf(outfile, "%s\n\n", trailer); return secsuccess; break; default: return secfailure; } pr_fprintf(outfile, "%s\n", header); printashex(outfile, buf, len); pr_fprintf(outfile, "%s\n\n", trailer); return secsuccess; } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv = secsuccess; prfiledesc* file = null; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char *header; char ...
NSS Sample Code sample3
* this code uses the simplest of the init functions, which does not * require a nss database to exist */ nss_nodb_init("."); /* get a slot to use for the crypto operations */ slot = pk11_getinternalkeyslot(); if (!slot) { cout << "getinternalkeyslot failed" << endl; status = 1; goto done; } /* * part 1 - simple hashing */ cout << "part 1 -- simple hashing" << endl; /* initialize data */ memset(data, 0xbc, sizeof data); /* create a context for hashing (digesting) */ context = pk11_createdigestcontext(sec_oid_md5);...
... 0; /* * part 2 - hashing with included secret key */ cout << "part 2 -- hashing with included secret key" << endl; /* initialize data */ memset(data, 0xbc, sizeof data); /* create a key */ key = pk11_keygen(slot, ckm_generic_secret_key_gen, 0, 128, 0); if (!key) { cout << "create key failed" << endl; goto done; } cout << (void *)key << endl; /* create parameters for crypto context */ /* note: params must be provided, but may be empty */ secitem noparams; noparams.type = sibuffer; noparams.data = 0; noparams.len = 0; /* create context using the same slot as the key */ // context = pk11_createdigestcontext(sec_oid_md5); context = pk11_createcontextbysymkey(ckm_md5, cka_digest, key, &noparams); if (!context) { cout << "createdigestcontext failed" << ...
NSS Sample Code
nss sample code the collection of sample code here demonstrates how nss can be used for cryptographic operations, certificate handling, ssl, etc.
... it also demonstrates some best practices in the application of cryptography.
nss tech note6
the following applies to nss 3.11 : the low-level freebl cryptographic code has been separated from softoken on all platforms.
...the softoken and freebl binaries won't match any nss binaries that may have been submitted to nist for validation, and thus may not be verified as being the actual fips 140 validated cryptographic module .
NSS Tech Notes
nss technical notes newsgroup: mozilla.dev.tech.crypto nss technical notes provide latest information about new nss features and supplementary documentation for advanced topics in programming with nss.
... tn5: using nss to perform miscellaneous cryptographic operations.
New NSS Samples
new nss sample code this collection of sample code demonstrates how nss can be used for cryptographic operations, certificate handling, ssl, etc.
... it also demonstrates some best practices in the application of cryptography.
Python binding for NSS
nss provides cryptography services supporting ssl, tls, pki, pkix, x509, pkcs*, etc.
...e download https://ftp.mozilla.org/pub/mozilla.org/security/python-nss/releases/pynss_release_0_17_0/src/ change log the primary enhancement in this version is adding support for pbkdf2 the following module functions were added: nss.create_pbev2_algorithm_id the following class methods were added: nss.algorithmid.get_pbe_crypto_mechanism nss.algorithmid.get_pbe_iv nss.pk11slot.pbe_key_gen nss.pk11slot.format_lines nss.pk11slot.format nss.pk11symkey.format_lines nss.pk11symkey.format nss.secitem.to_base64 nss.secitem.format_lines nss.secitem.format the following files were added: doc/examples/pbkdf2_example.py ...
FC_Finalize
syntax ck_rv fc_finalize (ck_void_ptr preserved); parameters fc_finalize has one parameter: preserved must be null description fc_finalize shuts down the nss cryptographic module in the fips mode of operation.
...fc_finalize should return ckr_cryptoki_not_initialized if the library is not initialized.
FC_GetOperationState
name fc_getoperationstate - get the cryptographic operation state of a session.
... description fc_getoperationstate saves the state of the cryptographic operation in a session.
FC_GetSessionInfo
if the nss cryptographic module is in the error state, fc_getsessioninfo returns ckr_device_error.
... otherwise, it fills in the ck_session_info structure with the following information: state: the state of the session, i.e., no role is assumed, the user role is assumed, or the crypto officer role is assumed flags: bit flags that define the type of session ckf_rw_session (0x00000002): true if the session is read/write; false if the session is read-only.
FC_GetTokenInfo
ckf_rng (0x00000001): this device has a random number generator ckf_write_protected (0x00000002): this device is read-only ckf_login_required (0x00000004): this device requires the user to log in to use some of its services ckf_user_pin_initialized (0x00000008): the user's password has been initialized ckf_dual_crypto_operations (0x00000200): a single session with the token can perform dual cryptographic operations ckf_token_initialized (0x00000400): the token has been initialized.
... ckr_cryptoki_not_initialized the pkcs #11 module library is not initialized.
FC_SetOperationState
name fc_setoperationstate - restore the cryptographic operation state of a session.
... description fc_setoperationstate restores the cryptographic operations state of a session from an array of bytes obtained with fc_getoperationstate.
NSS tools : certutil
$ certutil -u -d sql:/home/my/sharednssdb slot: nss user private key and certificate services token: nss certificate db slot: nss internal cryptographic services token: nss generic crypto services adding certificates to the database existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere.
... mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, sun, oracle, mozilla, and google.
NSS tools : cmsutil
name cmsutil — performs basic cryptograpic operations, such as encryption and decryption, on cryptographic message syntax (cms) messages.
... synopsis cmsutil [options] arguments description the cmsutil command-line uses the s/mime toolkit to perform basic operations, such as encryption and decryption, on cryptographic message syntax (cms) messages.
NSS tools : vfychain
modutil can add and delete pkcs #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable fips 140-2 compliance, and assign default providers for cryptographic operations.
...mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, and sun.
troubleshoot.html
troubleshooting nss and jss builds newsgroup: mozilla.dev.tech.crypto this page summarizes information on troubleshooting the nss and jss build and test systems, including known problems and configuration suggestions.
... if you have suggestions for this page, please post them to mozilla.dev.tech.crypto.
OLD SSL Reference
upgraded documentation may be found in the current nss reference ssl reference newsgroup: mozilla.dev.tech.crypto writer: sean cotter manager: wan-teh chang chapter 1 overview of an ssl application ssl and related apis allow compliant applications to configure sockets for authenticated, tamper-proof, and encrypted communications.
... seckey_getdefaultkeydb seckey_destroyprivatekey chapter 7 pkcs #11 functions this chapter describes the core pkcs #11 functions that an application needs for communicating with cryptographic modules.
NSS tools : cmsutil
MozillaProjectsNSStoolscmsutil
name cmsutil — performs basic cryptograpic operations, such as encryption and decryption, on cryptographic message syntax (cms) messages.
... synopsis cmsutil [options] arguments description the cmsutil command-line uses the s/mime toolkit to perform basic operations, such as encryption and decryption, on cryptographic message syntax (cms) messages.
NSS tools : signver
MozillaProjectsNSStoolssignver
synopsis signtool -a | -v -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v] description the signature verification tool, signver, is a simple command-line utility that unpacks a base-64-encoded pkcs#7 signed object and verifies the digital signature using standard cryptographic techniques.
... mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, and sun.
NSS tools : vfychain
modutil can add and delete pkcs #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable fips 140-2 compliance, and assign default providers for cryptographic operations.
... mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, and sun.
XPCOM Interface Reference
efobservernsicontentprefservicensicontentprefservice2nsicontentsecuritypolicynsicontentsniffernsicontentviewnsicontentviewmanagernsicontentviewernsicontrollernsicontrollersnsiconverterinputstreamnsiconverteroutputstreamnsicookiensicookie2nsicookieacceptdialognsicookieconsentnsicookiemanagernsicookiemanager2nsicookiepermissionnsicookiepromptservicensicookieservicensicookiestoragensicrashreporternsicryptohmacnsicryptohashnsicurrentcharsetlistenernsicyclecollectorlistenernsidbchangelistenernsidbfolderinfonsidnslistenernsidnsrecordnsidnsrequestnsidnsservicensidomcanvasrenderingcontext2dnsidomchromewindownsidomclientrectnsidomdesktopnotificationnsidomdesktopnotificationcenternsidomelementnsidomeventnsidomeventgroupnsidomeventlistenernsidomeventtargetnsidomfilensidomfileerrornsidomfileexceptionnsidomf...
...iiniparsernsiiniparserfactorynsiiniparserwriternsiioservicensiidleservicensiinprocesscontentframemessagemanagernsiinputstreamnsiinputstreamcallbacknsiinstalllocationnsiinterfacerequestornsijscidnsijsidnsijsiidnsijsonnsijetpacknsijetpackservicensijumplistbuildernsijumplistitemnsilivemarkservicensiloadgroupnsilocalfilensilocalfilemacnsilocalensilocaleservicensilogininfonsiloginmanagernsiloginmanagercryptonsiloginmanageriemigrationhelpernsiloginmanagerprompternsiloginmanagerstoragensiloginmetainfonsimimeinputstreamnsimacdocksupportnsimarkupdocumentviewernsimemorynsimemorymultireporternsimemorymultireportercallbacknsimemoryreporternsimemoryreportermanagernsimenuboxobjectnsimessagebroadcasternsimessagelistenernsimessagelistenermanagernsimessagesendernsimessagewakeupservicensimessengernsimicrosummaryn...
Payment processing concepts - Web APIs
some payment handlers use merchant validation, which is the process of validating the identity of a merchant in some way, usually using some form of cryptographic response such as a public key.
... merchant validation some payment handlers use merchant validation, which is the process of validating the identity of a merchant in some way, usually using some form of cryptographic challenge.
PublicKeyCredentialCreationOptions.challenge - Web APIs
the challenge property of the publickeycredentialcreationoptions dictionary is a buffersource used as a cryptographic challenge.
...contains a cryptographic challenge emitted from the relying party's server which must be signed by the authenticator's private key and sent back (within the response) to the relying party's server for verification.
PublicKeyCredentialRequestOptions.challenge - Web APIs
the challenge property of the publickeycredentialrequestoptions dictionary is a buffersource used as a cryptographic challenge.
...contains a cryptographic challenge emitted from the relying party's server which must be signed by the authenticator's private key and sent back (within the response) to the relying party's server for verification.
Writing a WebSocket server in C# - Web APIs
xt.regularexpressions.regex("^get").ismatch(data)) { const string eol = "\r\n"; // http/1.1 defines the sequence cr lf as the end-of-line marker byte[] response = encoding.utf8.getbytes("http/1.1 101 switching protocols" + eol + "connection: upgrade" + eol + "upgrade: websocket" + eol + "sec-websocket-accept: " + convert.tobase64string( system.security.cryptography.sha1.create().computehash( encoding.utf8.getbytes( new system.text.regularexpressions.regex("sec-websocket-key: (.*)").match(data).groups[1].value.trim() + "258eafa5-e914-47da-95ca-c5ab0dc85b11" ) ) ) + eol + eol); stream.write(response, 0, response.length); } decoding messages after a successful handsha...
...write the hash back as the value of "sec-websocket-accept" response header in an http response string swk = regex.match(s, "sec-websocket-key: (.*)").groups[1].value.trim(); string swka = swk + "258eafa5-e914-47da-95ca-c5ab0dc85b11"; byte[] swkasha1 = system.security.cryptography.sha1.create().computehash(encoding.utf8.getbytes(swka)); string swkasha1base64 = convert.tobase64string(swkasha1); // http/1.1 defines the sequence cr lf as the end-of-line marker byte[] response = encoding.utf8.getbytes( "http/1.1 101 switching protocols\r\n" + "connection: upgrade\r\n" + ...
Attestation and Assertion - Web APIs
attestationobject - cryptographic attestation that a newly generated keypair was created by that authenticator.
...et attestations fido u2f - security keys that implement the fido u2f standard use this format none - browsers may prompt users whether they want a site to be allowed to see their attestation data and/or may remove attestation data from the authenticator's response if the `attestation` parameter in `navigator.credentials.create()` is set to `none` the purpose of attestation is to cryptographically prove that a newly generated key pair came from a specific device.
Functions and classes available to Web Workers - Web APIs
38 (38) (yes) (yes) (yes) crypto the crypto interface represents basic cryptography features available in the current context.
... it allows access to a cryptographically strong random number generator and to cryptographic primitives.
HTTP Index - HTTP
WebHTTPIndex
41 http public key pinning (hpkp) guide, hpkp, http, security http public key pinning (hpkp) is a security feature that tells a web client to associate a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates.
... 171 public-key-pins hpkp, http, reference, security, header the http public-key-pins response header associates a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates.
BigInt - JavaScript
cryptography the operations supported on bigints are not constant time.
... bigint is therefore unsuitable for use in cryptography.
Math.random() - JavaScript
math.random() does not provide cryptographically secure random numbers.
...use the web crypto api instead, and more precisely the window.crypto.getrandomvalues() method.
Math.random() - JavaScript
math.random() does not provide cryptographically secure random numbers.
...use the web crypto api instead, and more precisely the window.crypto.getrandomvalues() method.
Certificate Transparency - Web security
newly issued certificates are 'logged' to publicly run, often independent ct logs which maintain an append-only, cryptographically assured record of issued tls certificates.
...nodes are labelled with the cryptographic hashes of their child nodes.
Features restricted to secure contexts - Web security
65 service workers 40 17 11.1 44 storage api 55 not supported not supported 51 web authentication api 65 in preview (17) in development 60 web bluetooth 56 not supported not supported not supported web midi (see midiaccess, for example) 43 not supported not supported not supported web crypto api 60 79 not supported 75 secure context restrictions that vary by browser some browsers may decide to disable certain apis in non-secure contexts or apply other restrictions/security measures, despite the spec not requiring them.
... web crypto api has been restricted to https since early days (api was visible in http as well but operations failed).
Miscellaneous - Archive of obsolete content
generating random bytes useful snippet for generating random bytes that can, for example be used as a good source for cryptographic entropy.
Extension Versioning, Update and Compatibility - Archive of obsolete content
the technical details of the signing mechanism are beyond the scope of this document however the basics are as follows: step 1 - done once, before you publish your add-on the target: adding updatekey in install.rdf the add-on author creates a public/private rsa cryptographic key pair.
Install Manifests - Archive of obsolete content
in order to do so you must include the public part of the cryptographic key in an updatekey entry in the install.rdf of the add-on.
MCD, Mission Control Desktop, AKA AutoConfig - Archive of obsolete content
3) -fno-rtti -fno-exceptions -wall -wconversion -wpointer-arith -wcast-align -woverloaded-virtual -wsynth -wno-ctor-dtor-privacy -wno-non-virtual-dtor -wno-long-long -pedantic -fshort-wchar -pthread -pipe -i/usr/x11r6/include configure arguments --disable-mailnews --enable-extensions=cookie,xml-rpc,xmlextras,pref,transformiix,universalchardet,webservices,inspector,gnomevfs,negotiateauth --enable-crypto --disable-composer --enable-single-profile --disable-profilesharing --with-system-jpeg --with-system-zlib --with-system-png --with-pthreads --disable-tests --disable-jsd --disable-installer '--enable-optimize=-os -g -pipe -m32 -march=i386 -mtune=pentium4' --enable-xft --enable-xinerama --enable-default-toolkit=gtk2 --enable-official-branding --disable-xprint --disable-strip --enable-pango autoc...
Firefox Sync - Archive of obsolete content
these include: an http api for client-server interaction storage formats used by the the clients cryptographic model for encrypting client data the definitive source for these specifications is http://docs.services.mozilla.com/.
CRMF Request object - Archive of obsolete content
use <keygen> or the future web crypto api instead.
Mozilla Application Framework in Detail - Archive of obsolete content
ity, a java webclient api, and java plug-ins; nspr, a runtime engine that provides platform-independence (across over a dozen platforms) for non-gui operating system facilities with support for threads, thread synchronization, normal file and network i/o, interval timing and calendar time, basic memory management (malloc and free) and shared library linking; psm, a set of libraries that perform cryptographic operations including setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), other common pki functions, and s/mime support; an sql support that provides the ability to set up data sources, query a database, and retrieve results as javascript objects or rdf data sources; and an api for directory services via the...
What XULRunner Provides - Archive of obsolete content
the following features are either already implemented or planned: gecko features xpcom networking gecko rendering engine dom editing and transaction support (no ui) cryptography xbl (xbl2 planned) xul svg xslt xml extras (xmlhttprequest, domparser, etc.) web services (soap) auto-update support (not yet complete) type ahead find toolbar history implementation (the places implementation in the 1.9 cycle) accessibility support ipc services for communication between gecko-based apps (not yet complete) storage/sqlite interfaces user interface features the following user interface is supplied by xulru...
2006-10-27 - Archive of obsolete content
discussions extending javascript mitchi is working on a csp (cryptographic service provider) that works on a usb flash drive.
Gecko FAQ - Gecko Redirect 1
css1, css2, and css3 keywords) dom: see dom0, dom1, dom2 and event handling components xml rdf core javascript language interpreter (javascript engine) http 1.1 compliance bugs should generally be found on the networking, networking - general, and networking: cache components oji imagelib image library (see also jpeg image handling and png image handling) ssl-related bugs are filed on the crypto component for information about the known bugs of a specific commercial product based on gecko, see that product's release notes.
Certified - MDN Web Docs Glossary: Definitions of Web-related terms
for details on certification in cryptography, please refer to digital certificate.
Cipher suite - MDN Web Docs Glossary: Definitions of Web-related terms
in a cryptosystem like tls, the client and server must agree on a cipher suite before they can begin communicating securely.
Ciphertext - MDN Web Docs Glossary: Definitions of Web-related terms
in cryptography, a ciphertext is a scrambled message that conveys information but is not legible unless decrypted with the right cipher and the right secret (usually a key), reproducing the original cleartext.
Cryptanalysis - MDN Web Docs Glossary: Definitions of Web-related terms
cryptanalysis is the branch of cryptography that studies how to break codes and cryptosystems.
Digest - MDN Web Docs Glossary: Definitions of Web-related terms
a digest can be used to perform several tasks: in non-cryptographic applications (e.g., the index of hash tables, or a fingerprint used to detect duplicate data or to uniquely identify files) verify message integrity (a tampered message will have a different hash) store passwords so that they can't be retrieved, but can still be checked (to do this securely, you also need to salt the password.) generate pseudo-random numbers generate keys it is critical to choose the proper hash function for your use case to avoid collisions and predictability.
Digital certificate - MDN Web Docs Glossary: Definitions of Web-related terms
a digital certificate is a data file that binds a publicly known cryptographic key to an organization.
HPKP - MDN Web Docs Glossary: Definitions of Web-related terms
http public key pinning (hpkp) is a security feature that tells a web client to associate a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates.
Placeholder names - MDN Web Docs Glossary: Definitions of Web-related terms
placeholder names are commonly used in cryptography to indicate the participants in a conversation, without resorting to terminology such as "party a," "eavesdropper," and "malicious attacker." the most commonly used names are: alice and bob, two parties who want to send messages to each other, occasionally joined by carol, a third participant eve, a passive attacker who is eavesdropping on alice and bob's conversation mallory, an active attacker ("man-in-the-middle") who is able to modify their conversation and replay old messages ...
SIMD - MDN Web Docs Glossary: Definitions of Web-related terms
simd allows one same operation to be performed on multiple data points resulting in data level parallelism and thus performance gains — for example, for 3d graphics and video processing, physics simulations or cryptography, and other domains.
SRI - MDN Web Docs Glossary: Definitions of Web-related terms
it works by allowing you to provide a cryptographic hash that a fetched file must match.
Transport Layer Security (TLS) - MDN Web Docs Glossary: Definitions of Web-related terms
both ssl and tls are client / server protocols that ensure communication privacy by using cryptographic protocols to provide security over a network.
Hash - MDN Web Docs Glossary: Definitions of Web-related terms
hashes are very useful for cryptography — they insure the integrity of transmitted data.
Phishing: a short definition
public key cryptography many services will soon support w3c web authentication, a powerful technology to evade phishing, based on public key cryptography.
Function_Name
avoid describing the return until the next section, for example: this function looks in the nsscryptocontext and the nsstrustdomain to find the certificate that matches the der-encoded certificate.
CERT_FindCertByDERCert
nclude <cert.h> certcertificate *cert_findcertbydercert( certcertdbhandle *handle, secitem *dercert ); parameters handle in pointer to a certcertdbhandle representing the certificate database to look in dercert in pointer to an secitem whose type must be sidercertbuffer and whose data contains a der-encoded certificate description this function looks in the ?nsscryptocontext?
Encrypt Decrypt MAC Keys As Session Objects
ptinit */ pk11context * encryptinit(pk11symkey *ek, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(ek, iv, ivlen, type, cka_encrypt); } /* * decryptinit */ pk11context * decryptinit(pk11symkey *dk, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(dk, iv, ivlen, type, cka_decrypt); } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv; prfiledesc* file; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char header[40]; char trailer[40]; outbuf.ty...
Encrypt and decrypt MAC using token
ptinit */ pk11context * encryptinit(pk11symkey *ek, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(ek, iv, ivlen, type, cka_encrypt); } /* * decryptinit */ pk11context * decryptinit(pk11symkey *dk, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(dk, iv, ivlen, type, cka_decrypt); } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv; prfiledesc* file; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char header[40]; char trailer[40]; outbuf.ty...
Build instructions for JSS 4.3.x
build instructions for jss 4.3.x newsgroup: mozilla.dev.tech.crypto before building jss, you need to set up your system as follows: build nspr/nss by following the nspr/nss build instructions, to check that nss built correctly, run all.sh (in mozilla/security/nss/tests) and examine the results (in mozilla/test_results/security/computername.#/results.html.
Build instructions for JSS 4.4.x
build instructions for jss 4.4.x newsgroup: mozilla.dev.tech.crypto to build jss see upstream jss build/test instructions next, you should read the instructions on using jss.
NSS_3.11.10_release_notes.html
nss 3.11.10 release notes 2008-12-10 newsgroup: <ahref="news: mozilla.dev.tech.crypto"="" news.mozilla.org="">mozilla.dev.tech.crypto</ahref="news:> contents introduction distribution information bugs fixed documentation compatibility feedback introduction network security services (nss) 3.11.10 is a patch release for nss 3.11.
NSS_3.12.1_release_notes.html
nss 3.12.1 release notes 2008-09-05 newsgroup: mozilla.dev.tech.crypto contents introduction distribution information new in nss 3.12.1 bugs fixed documentation compatibility feedback introduction network security services (nss) 3.12.1 is a patch release for nss 3.12.
NSS_3.12.2_release_notes.html
nss 3.12.2 release notes 2008-10-20 newsgroup: mozilla.dev.tech.crypto contents introduction distribution information new in nss 3.12.2 bugs fixed documentation compatibility feedback introduction network security services (nss) 3.12.2 is a patch release for nss 3.12.
NSS 3.12.6 release notes
nss 3.12.6 release notes 2010-03-03 newsgroup: mozilla.dev.tech.crypto introduction network security services (nss) 3.12.6 is a patch release for nss 3.12.
NSS 3.12.9 release notes
<center> 2010-09-23</center> <center> newsgroup: mozilla.dev.tech.crypto</center> introduction network security services (nss) 3.12.9 is a patch release for nss 3.12.
NSS 3.14.1 release notes
applications which use multiple pkcs#11 modules, which do not indicate which tokens should be used by default for particular algorithms, and which do make use of cipherorder may now find that cryptographic operations occur on a different pkcs#11 token.
NSS 3.14.2 release notes
if so, nss uses the optimized code path, reducing the cpu cycles per byte to 1/20 of what was required before the patch (https://bugzilla.mozilla.org/show_bug.cgi?id=805604 and https://crypto.stanford.edu/realworldcrypto/slides/gueron.pdf).
NSS 3.16.2.2 release notes
this fixes a regression introduced in nss 3.16.2 that prevented nss from importing some rsa private keys (such as in pkcs #12 files) generated by other crypto libraries.
NSS 3.16.6 release notes
this fixes a regression introduced in nss 3.16.2 that prevented nss from importing some rsa private keys (such as in pkcs #12 files) generated by other crypto libraries.
NSS 3.17.2 release notes
this fixes a regression introduced in nss 3.16.2 that prevented nss from importing some rsa private keys (such as in pkcs #12 files) generated by other crypto libraries.
NSS 3.19.2.4 release notes
security fixes in nss 3.19.2.4 the following security fixes from nss 3.21 have been backported to nss 3.19.2.4: bug 1185033 / cve-2016-1979 - use-after-free during processing of der encoded keys in nss bug 1209546 / cve-2016-1978 - use-after-free in nss during ssl connections in low memory bug 1190248 / cve-2016-1938 - errors in mp_div and mp_exptmod cryptographic functions in nss compatibility nss 3.19.2.4 shared libraries are backward compatible with all older nss 3.x shared libraries.
NSS 3.22 release notes
enforce an external policy on nss from a config file (bug 1009429) you can now add a config= line to pkcs11.txt (assuming you are using sql databases), which will force nss to restrict the application to certain cryptographic algorithms and protocols.
NSS 3.25 release notes
several functions have been added to the public api of the nss cryptoki framework.
NSS 3.26 release notes
nss 3.26 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_26_rtm/src/ new in nss 3.26 new functionality the selfserv test utility has been enhanced to support alpn (http/1.1) and 0-rtt added support for the system-wide crypto policy available on fedora linux, see http://fedoraproject.org/wiki/changes/cryptopolicy introduced build flag nss_disable_libpkix which allows compilation of nss without the libpkix library notable changes in nss 3.26 the following ca certificate was added cn = isrg root x1 sha-256 fingerprint: 96:bc:ec:06:26:49:76:f3:74:60:77:9a:cf:28:c5:a7:cf:e8:a3:c0:aa:e1:1a:8f:fc:ee:0...
NSS 3.44 release notes
bugs fixed in nss 3.44 1501542 - implement checkarmsupport for android 1531244 - use __builtin_bswap64 in crypto_primitives.h 1533216 - cert_decodecertpackage() crash with netscape certificate sequences 1533616 - sdb_getattributevaluenolock should make at most one sql query, rather than one for each attribute 1531236 - provide accessor for certcertificate.dercert 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine 1532384 - in nss test certificates, use @example.com (not @bogus.com) ...
NSS 3.45 release notes
bug 1550579 - replace arm32 curve25519 implementation with one from fiat-crypto bug 1551129 - support static linking on windows bug 1552262 - expose a function pk11_findrawcertswithsubject for finding certificates with a given subject on a given slot bug 1546229 - add ipsec ike support to softoken bug 1554616 - add support for the elbrus lcc compiler (<=1.23) bug 1543874 - expose an external clock for ssl this adds new experimental functions: ssl_settimefunc, ssl_...
NSS 3.46 release notes
bugs fixed in nss 3.46 bug 1572164 - don't unnecessarily free session in nsc_wrapkey bug 1574220 - improve controls after errors in tstcln, selfserv and vfyserv cmds bug 1550636 - upgrade sqlite in nss to a 2019 version bug 1572593 - reset advertised extensions in ssl_constructextensions bug 1415118 - nss build with ./build.sh --enable-libpkix fails bug 1539788 - add length checks for cryptographic primitives (cve-2019-17006) bug 1542077 - mp_set_ulong and mp_set_int should return errors on bad values bug 1572791 - read out-of-bounds in der_decodetimechoice_util from sslexp_delegatecredential bug 1560593 - cleanup.sh script does not set error exit code for tests that "failed with core" bug 1566601 - add wycheproof test vectors for aes-kw bug 1571316 - curve25519_32.c:280: undefi...
NSS 3.49 release notes
bug 1606025 - remove -wmaybe-uninitialized warning in sslsnce.c bug 1606119 - fix ppc hw crypto build failure bug 1605545 - memory leak in pk11install_platform_generate bug 1602288 - fix build failure due to missing posix signal.h bug 1588714 - implement checkarmsupport for win64/aarch64 bug 1585189 - nss database uses 3des instead of aes to encrypt db entries bug 1603257 - fix ubsan issue in softoken ckm_nss_chacha20_ctr initialization bug 1590001 - additional hrr tests (cve-2019-170...
Enc Dec MAC Output Public Key as CSR
ptinit */ pk11context * encryptinit(pk11symkey *ek, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(ek, iv, ivlen, type, cka_encrypt); } /* * decryptinit */ pk11context * decryptinit(pk11symkey *dk, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(dk, iv, ivlen, type, cka_decrypt); } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char *header; char *trailer; prfiledesc *file = null; outbuf.typ...
Encrypt Decrypt_MAC_Using Token
ptinit */ pk11context * encryptinit(pk11symkey *ek, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(ek, iv, ivlen, type, cka_encrypt); } /* * decryptinit */ pk11context * decryptinit(pk11symkey *dk, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(dk, iv, ivlen, type, cka_decrypt); } /* * read cryptographic parameters from the header file.
NSS Sample Code Sample_3_Basic Encryption and MACing
ptinit */ pk11context * encryptinit(pk11symkey *ek, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(ek, iv, ivlen, type, cka_encrypt); } /* * decryptinit */ pk11context * decryptinit(pk11symkey *dk, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(dk, iv, ivlen, type, cka_decrypt); } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv; prfiledesc* file; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char header[40]; char trailer[40]; outbuf.ty...
NSS Sample Code sample4
nss sample code 4: pki encryption /* example code to illustrate pki crypto ops (encrypt with public key, * decrypt with private key) * * code assumes that you have set up a nss database with a certificate * and a private key.
NSS Sample Code sample5
nss sample code 5: pki encryption with a raw public & private key in der format /* example code to illustrate pki crypto ops (encrypt with public key, * decrypt with private key) * * no nss db needed.
EncDecMAC using token object - sample 3
tlen, maxout, in, inlen); } /* * encryptinit */ pk11context * encryptinit(pk11symkey *ek, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(ek, iv, ivlen, type, cka_encrypt); } /* * decryptinit */ pk11context * decryptinit(pk11symkey *dk, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type) { return cryptinit(dk, iv, ivlen, type, cka_decrypt); } /* * read cryptographic parameters from the header file */ secstatus readfromheaderfile(const char *filename, headertype type, secitem *item, prbool ishexdata) { secstatus rv; prfiledesc* file; secitem filedata; secitem outbuf; unsigned char *nonbody; unsigned char *body; char header[40]; char trailer[40]; outbuf.type = sibuffer; file = pr_open(filename, pr_rdonly, 0); if (!file) { pr_fprintf(pr_stderr, "failed t...
nss tech note3
the list of known seccertusages is short: certusagesslclient ........... an ssl client authentication cert certusagesslserver ........... an ordinary ssl server cert certusagesslserverwithstepup.. an ssl server cert that allows export clients to use strong crypto.
NSS Third-Party Code
compiled in sqlite [/lib/sqlite] berkleydb [/lib/dbm] zlib [/lib/zlib] libjar [/lib/jar] fiat-crypto, ring [lib/freebl/ecl] used for tests gtest [/gtests] downloaded by certain test tooling tlsfuzzer [/tests/tlsfuzzer] bogo tests [/tests/bogo] boringssl, openssl [/tests/interop] ...
PKCS11
pkcs #11 information for implementors of cryptographic modules: implementing pkcs11 for nss pkcs11 faq using the jar installation manager to install a pkcs #11 cryptographic module pkcs #11 conformance testing ...
NSS PKCS11 Functions
pkcs #11 functions this chapter describes the core pkcs #11 functions that an application needs for communicating with cryptographic modules.
FC_CloseAllSessions
the nss cryptographic module currently doesn't call the surrender callback function notify.
FC_GetFunctionList
description fc_getfunctionlist stores in *ppfunctionlist a pointer to the nss cryptographic module's list of function pointers in the fips mode of operation.
FC_InitPIN
in the nss cryptographic module, one uses the empty string password ("") to log in as the pkcs #11 so.
FC_Login
the nss cryptographic module doesn't allow the so to log in if the normal user's pin is already initialized.
FC_OpenSession
the nss cryptographic module currently doesn't call the surrender callback function notify.
FC_SeedRandom
the initial seed material is provided by the nss cryptographic module itself.
FC_WaitForSlotEvent
description this function is not supported by the nss cryptographic module.
NSC_Login
the nss cryptographic module doesn't allow the so to log in if the normal user's pin is already initialized.
NSS_Initialize
nss_init_pk11reload - ignore the ckr_cryptoki_already_initialized error when loading pkcs#11 modules.
FIPS mode of operation
fc_verifyinit fc_verify fc_verifyupdate fc_verifyfinal fc_verifyrecoverinit fc_verifyrecover dual-function cryptographic functions fc_digestencryptupdate fc_decryptdigestupdate fc_signencryptupdate fc_decryptverifyupdate key management functions fc_generatekey: dsa domain parameters (pqg) fc_generatekeypair: dsa, rsa, and ecdsa.
NSS tools : vfyserv
mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto irc: freenode at #dogtag-pki authors the nss tools were written and maintained by developers with netscape, red hat, and sun.
pkfnc.html
upgraded documentation may be found in the current nss reference pkcs #11 functions chapter 7 pkcs #11 functions this chapter describes the core pkcs #11 functions that an application needs for communicating with cryptographic modules.
sslintro.html
one of these functions must be called before any cryptographic operations can be performed with nss.
SSL functions
in addition to the functions listed here, applications that support ssl use some of the certificate functions, crypto functions, and utility functions described below on this page.
TLS Cipher Suite Discovery
in order to communicate securely, an tls client and tls server must agree on the cryptographic algorithms and keys that they will both use on the secured connection.
Utility functions
3.2 and later sec_asn1encodeunsignedinteger mxr 3.11.1 and later sec_asn1lengthlength mxr 3.2 and later sec_dupcrl mxr 3.9 and later sec_getsignaturealgorithmoidtag mxr 3.10 and later sec_getregisteredhttpclient mxr 3.12 and later sec_pkcs5getcryptoalgorithm mxr 3.2 and later sec_pkcs5getkeylength mxr 3.2 and later sec_pkcs5getpbealgorithm mxr 3.2 and later sec_pkcs5isalgorithmpbealg mxr 3.2 and later sec_pkcs5isalgorithmpbealgtag mxr 3.12 and later sec_registerdefaulthttpclient mxr 3.11.1 an...
modutil-tasks.html
nss security tools: modutil tasks newsgroup: mozilla.dev.tech.crypto task list the jar installation script is very fragile with respect to platform definitions (especially version numbers).
NSS Tools certutil-tasks
nss security tools: certutil tasks newsgroup: mozilla.dev.tech.crypto task list better error reporting.
NSS Tools certutil
internal slot 1 is used by cryptographic services.
NSS Tools cmsutil
using cmsutil newsgroup: mozilla.dev.tech.crypto the cmsutil command-line utility uses the s/mime toolkit to perform basic operations, such as encryption and decryption, on cryptographic message syntax (cms) messages.
NSS Tools crlutil
using the certificate revocation list management tool newsgroup: mozilla.dev.tech.crypto the certificate revocation list (crl) management tool is a command-line utility that can list, generate, modify, or delete crls within the nss security database file(s) and list, create, modify or delete certificates entries in a particular crl.
NSS Tools dbck-tasks
nss security tools: dbck tasks newsgroup: mozilla.dev.tech.crypto task list in analyze mode, there should be an option to create a file containing a graph of the certificate database without any information about the user's certificates (no common names, email addresses, etc.).
NSS Tools modutil-tasks
nss security tools: modutil tasks newsgroup: mozilla.dev.tech.crypto task list the jar installation script is very fragile with respect to platform definitions (especially version numbers).
NSS Tools pk12util-tasks
nss security tools: pk12util tasks newsgroup: mozilla.dev.tech.crypto task list need to migrate code to use an up-to-date version of nss.
NSS Tools signver-tasks
nss security tools: signver tasks newsgroup: mozilla.dev.tech.crypto task list remove private hash algortihms and replace with code in lib/hash, lib/crypto, and ...
NSS Tools ssltap
using the ssl debugging tool (ssltap) newsgroup: mozilla.dev.tech.crypto the ssl debugging tool is an ssl-aware command-line proxy.
Personal Security Manager (PSM)
personal security manager (psm) consists of a set of libraries that perform cryptographic operations on behalf of a client application.
Mozilla Projects
personal security manager (psm) personal security manager (psm) consists of a set of libraries that perform cryptographic operations on behalf of a client application.
Handling Mozilla Security Bugs
this work is separate from the work of developers adding new security features (cryptographically-based or otherwise) to mozilla, although obviously many of the same people will be involved in both sets of activities.
Components.utils.Sandbox
the following objects are supported: -promise (removed in firefox 37) css indexeddb (web worker only) xmlhttprequest textencoder textdecoder url urlsearchparams atob btoa blob file crypto rtcidentityprovider fetch (added in firefox 41) caches filereader for example: var sandboxscript = 'var encoded = btoa("hello");' + 'var decoded = atob(encoded);'; var options = { "wantglobalproperties": ["atob", "btoa"] } var sandbox = components.utils.sandbox("https://example.org/", options); compone...
Components.utils.importGlobalProperties
the following strings are supported: string/object xpcom component atob blob btoa crypto css fetch file nsidomfile indexeddb nodefilter firefox 60 nsidomnodefilter obsolete since gecko 60 rtcidentityprovider textdecoder textencoder url urlsearchparams xmlhttprequest nsixmlhttprequest obsolete since gecko 60 for string/o...
nsIDOMWindowInternal
crypto nsidomcrypto readonly: returns the browser crypto object, which can then be used to manipulate various browser security features.
nsIMsgCompFields
void removeattachment ( in nsimsgattachment attachment ); void removeattachments ( ); header methods void setheader(char* name, char* value); references this interface is the type of the following properties: nsimsgcompose.compfields, nsimsgcomposeparams.composefields this interface is passed as an argument to the following methods: nsimsgcomposesecure.begincryptoencapsulation, nsimsgcomposesecure.requirescryptoencapsulation, nsimsgsend.createandsendmessage, nsimsgsend.sendmessagefile, nsismimejshelper.getnocertaddresses, nsismimejshelper.getrecipientcertsinfo ...
nsISyncJPAKE
services/crypto/component/nsisyncjpake.idlscriptable please add a summary to this article.
nsIUpdateItem
can be null and if supplied must be in the format of "type:hash" (see the types in nsicryptohash and nsixpinstallmanager.initmanagerwithhashes().
XPCOM Interface Reference by grouping
security cookies nsicookie nsicookie2 nsicookieacceptdialog nsicookieconsent nsicookiemanager nsicookiemanager2 nsicookiepermission nsicookiepromptservice nsicookieservice nsicookiestorage nsisessionstore crypto nsicryptohash filter nsiparentalcontrolsservice nsipermission nsipermissionmanager nsisecuritycheckedcomponent ssl nsisslerrorlistener stream stream nsipipe ...
PKCS #11 Netscape Trust Objects - Network Security Services
pkcs #11 is a standard that defines ways to store certificates, keys and perform crypto operations.
AuthenticatorAttestationResponse - Web APIs
the authenticatorattestationresponse interface of the web authentication api is returned by credentialscontainer.create() when a publickeycredential is passed, and provides a cryptographic root of trust for the new key pair that has been generated.
AuthenticatorResponse.clientDataJSON - Web APIs
challenge the base64url encoded version of the cryptographic challenge sent from the relying party's server.
AuthenticatorResponse - Web APIs
the authenticatorresponse interface of the web authentication api is the base interface for interfaces that provide a cryptographic root of trust for a key pair.
HTMLElement - Web APIs
htmlorforeignelement.nonce returns the cryptographic number used once that is used by content security policy to determine whether a given fetch will be allowed to proceed.
HTMLOrForeignElement.nonce - Web APIs
the nonce property of the htmlorforeignelement interface returns the cryptographic number used once that is used by content security policy to determine whether a given fetch will be allowed to proceed.
HTMLOrForeignElement - Web APIs
propertiesdataset read only the dataset read-only property of the htmlorforeignelement interface provides read/write access to all the custom data attributes (data-*) set on the element.nonce the nonce property of the htmlorforeignelement interface returns the cryptographic number used once that is used by content security policy to determine whether a given fetch will be allowed to proceed.tabindexthe tabindex property of the htmlorforeignelement interface represents the tab order of the current element.methodsblur()the htmlelement.blur() method removes keyboard focus from the current element.focus()the htmlelement.focus() method sets focus on the specified ...
PublicKeyCredentialCreationOptions.pubKeyCredParams - Web APIs
these objects define the type of public-key and the algorithm used for cryptographic signature operations.
PublicKeyCredentialRequestOptions - Web APIs
properties publickeycredentialrequestoptions.challenge a buffersource, emitted by the relying party's server and used as a cryptographic challenge.
Window - Web APIs
WebAPIWindow
window.crypto read only returns the browser crypto object.
Guide to Web APIs - Developer guides
WebGuideAPI
timingnetwork information api ppage visibility apipayment request apiperformance apiperformance timeline apipermissions apipointer eventspointer lock apiproximity events push api rresize observer apiresource timing apisserver sent eventsservice workers apistoragestorage access apistreams ttouch eventsuurl apivvibration apivisual viewport wweb animationsweb audio apiweb authentication apiweb crypto apiweb notificationsweb storage apiweb workers apiwebglwebrtcwebvttwebxr device apiwebsockets api ...
<keygen> - HTML: Hypertext Markup Language
WebHTMLElementkeygen
if the user's browser is configured to support cryptographic hardware (e.g.
<link>: The External Resource Link element - HTML: Hypertext Markup Language
WebHTMLElementlink
integrity contains inline metadata — a base64-encoded cryptographic hash of the resource (file) you’re telling the browser to fetch.
<script>: The Script element - HTML: Hypertext Markup Language
WebHTMLElementscript
nonce a cryptographic nonce (number used once) to whitelist scripts in a script-src content-security-policy.
<style>: The Style Information element - HTML: Hypertext Markup Language
WebHTMLElementstyle
nonce a cryptographic nonce (number used once) used to whitelist inline styles in a style-src content-security-policy.
CSP: base-uri - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: child-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
CSP: connect-src - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: default-src - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: font-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
CSP: form-action - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: frame-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
CSP: img-src - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: manifest-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
CSP: media-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
CSP: navigate-to - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: object-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
CSP: prefetch-src - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: script-src-attr - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: script-src-elem - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: script-src - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: style-src-attr - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: style-src-elem - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: style-src - HTTP
'nonce-<base64-value>' an allow-list for specific inline scripts using a cryptographic nonce (number used once).
CSP: worker-src - HTTP
'nonce-<base64-value>' a whitelist for specific inline scripts using a cryptographic nonce (number used once).
Index - HTTP
WebHTTPHeadersIndex
91 public-key-pins hpkp, http, reference, security, header the http public-key-pins response header associates a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates.
Public-Key-Pins - HTTP
the http public-key-pins response header used to associate a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates, however, it has been removed from modern browsers and is no longer supported.
HTTP headers - HTTP
WebHTTPHeaders
public-key-pins associates a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates.
HTTP Public Key Pinning (HPKP) - HTTP
http public key pinning (hpkp) was a security feature that used to tell a web client to associate a specific cryptographic public key with a certain web server to decrease the risk of mitm attacks with forged certificates.
Transport Layer Security - Web security
in tls 1.2 and earlier, the negotiated cipher suite includes a set of cryptographic algorithms that together provide the negotiation of the shared secret, the means by which a server is authenticated, and the method that will be used to encrypt data.