Search completed in 1.32 seconds.
AesCtrParams - Web APIs
the
aesctrparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the
aes-ctr algorithm.
...
aes is a block cipher, meaning that it splits the message into blocks and encrypts it a block at a time.
...this should be set to
aes-ctr.
...And 3 more matches
AesGcmParams - Web APIs
the
aesgcmparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the
aes-gcm algorithm.
... for details of how to supply appropriate values for this parameter, see the specification for
aes-gcm: nist sp800-38d, in particular section 5.2.1.1 on input data.
...this should be set to
aes-gcm.
...And 3 more matches
AesCbcParams - Web APIs
the
aescbcparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the
aes-cbc algorithm.
...this should be set to
aes-cbc.
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.
aescbcparams' in that specification.
AesKeyGenParams - Web APIs
the
aeskeygenparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.generatekey(), when generating an
aes key: that is, when the algorithm is identified as any of
aes-cbc,
aes-ctr,
aes-gcm, or
aes-kw.
...this should be set to
aes-cbc,
aes-ctr,
aes-gcm, or
aes-kw, depending on the algorithm you want to use.
... specifications specification status comment web cryptography apithe definition of 'subtlecrypto.
aeskeygenparams' in that specification.
SubtleCrypto.wrapKey() - Web APIs
to use
aes-ctr, pass an
aesctrparams object.
... to use
aes-cbc, pass an
aescbcparams object.
... to use
aes-gcm, pass an
aesgcmparams object.
...And 24 more matches
SubtleCrypto.unwrapKey() - Web APIs
to use
aes-ctr, pass an
aesctrparams object.
... to use
aes-cbc, pass an
aescbcparams object.
... to use
aes-gcm, pass an
aesgcmparams object.
...And 16 more matches
SubtleCrypto.encrypt() - Web APIs
to use
aes-ctr, pass an
aesctrparams object.
... to use
aes-cbc, pass an
aescbcparams object.
... to use
aes-gcm, pass an
aesgcmparams object.
...And 12 more matches
window.location - Web APIs
pr
aesent bibendum condimentum feugiat.</p> <p id="mybookmark1">[ <span class="intlink" onclick="showbookmark('#mybookmark2');">go to bookmark #2</span> ]</p> <p>vivamus blandit massa ut metus mattis in fringilla lectus imperdiet.
...pr
aesent vel elementum felis.
...pr
aesent ut nibh sit amet nibh congue pulvinar.
...And 10 more matches
Encrypt Decrypt MAC Keys As Session Objects
/* nss headers */ #include #include /* our samples utilities */ #include "util.h" #define buffersize 80 #define digestsize 16 #define ptext_mac_buffer_size 96 #define ciphersize 96 #define blocksize 32 #define cipher_header "-----begin cipher-----" #define cipher_trailer "-----end cipher-----" #define enckey_header "-----begin
aeskey ckaid-----" #define enckey_trailer "-----end
aeskey ckaid-----" #define mackey_header "-----begin mackey ckaid-----" #define mackey_trailer "-----end mackey ckaid-----" #define iv_header "-----begin iv-----" #define iv_trailer "-----end iv-----" #define mac_header "-----begin mac-----" #define mac_trailer "-----end mac-----" #de...
...intf(outfile, "%s\n\n", trailer); return secsuccess; } /* * initialize for encryption or decryption - common code */ pk11context * cryptinit(pk11symkey *key, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type, ck_attribute_type operation) { secitem ivitem = { sibuffer, iv, ivlen }; pk11context *ctx = null; secitem *secparam = pk11_paramfromiv(ckm_
aes_cbc, &ivitem); if (secparam == null) { pr_fprintf(pr_stderr, "crypt failed : secparam null\n"); return null; } ctx = pk11_createcontextbysymkey(ckm_
aes_cbc, operation, key, secparam); if (ctx == null) { pr_fprintf(pr_stderr, "crypt failed : can't create a context\n"); goto cleanup; } cleanup: if (secparam) { secitem_freeitem(secpara...
... static unsigned int firsttime = 1; int j; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) { goto cleanup; } ctxenc = encryptinit(ek, iv, ivlen, ckm_
aes_cbc); /* read a buffer of plaintext from input file */ while ((ptextlen = pr_read(infile, ptext, sizeof(ptext))) > 0) { /* encrypt using it using cbc, using previously created iv */ if (ptextlen != blocksize) { paddinglength = blocksize - ptextlen; for ( j=0; j < paddinglength; j++) { ptext[ptextlen+j] = (unsigned char)paddinglengt...
...And 9 more matches
Encrypt and decrypt MAC using token
/* nss headers */ #include #include /* our samples utilities */ #include "util.h" #define buffersize 80 #define digestsize 16 #define ptext_mac_buffer_size 96 #define ciphersize 96 #define blocksize 32 #define cipher_header "-----begin cipher-----" #define cipher_trailer "-----end cipher-----" #define enckey_header "-----begin
aeskey ckaid-----" #define enckey_trailer "-----end
aeskey ckaid-----" #define mackey_header "-----begin mackey ckaid-----" #define mackey_trailer "-----end mackey ckaid-----" #define iv_header "-----begin iv-----" #define iv_trailer "-----end iv-----" #define mac_header "-----begin mac-----" #define mac_trailer "-----end mac-----" #de...
...intf(outfile, "%s\n\n", trailer); return secsuccess; } /* * initialize for encryption or decryption - common code */ pk11context * cryptinit(pk11symkey *key, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type, ck_attribute_type operation) { secitem ivitem = { sibuffer, iv, ivlen }; pk11context *ctx = null; secitem *secparam = pk11_paramfromiv(ckm_
aes_cbc, &ivitem); if (secparam == null) { pr_fprintf(pr_stderr, "crypt failed : secparam null\n"); return null; } ctx = pk11_createcontextbysymkey(ckm_
aes_cbc, operation, key, secparam); if (ctx == null) { pr_fprintf(pr_stderr, "crypt failed : can't create a context\n"); goto cleanup; } cleanup: if (secparam) { secitem_freeitem(secpara...
... static unsigned int firsttime = 1; int j; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) { goto cleanup; } ctxenc = encryptinit(ek, iv, ivlen, ckm_
aes_cbc); /* read a buffer of plaintext from input file */ while ((ptextlen = pr_read(infile, ptext, sizeof(ptext))) > 0) { /* encrypt using it using cbc, using previously created iv */ if (ptextlen != blocksize) { paddinglength = blocksize - ptextlen; for ( j=0; j < paddinglength; j++) { ptext[ptextlen+j] = (unsigned char)paddinglengt...
...And 9 more matches
Enc Dec MAC Output Public Key as CSR
static unsigned int firsttime = 1; int j; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) { goto cleanup; } ctxenc = encryptinit(ek, iv, ivlen, ckm_
aes_cbc); /* read a buffer of plaintext from input file */ while ((ptextlen = pr_read(infile, ptext, sizeof(ptext))) > 0) { /* encrypt using it using cbc, using previously created iv */ if (ptextlen != blocksize) { paddinglength = blocksize - ptextlen; for ( j=0; j < paddinglength; j++) { ptext[ptextlen+j] = (unsigned char)paddinglength...
... ivitem->len); paddinglength = (unsigned int)paditem->data[0]; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) goto cleanup; ctxenc = decryptinit(ek, iv, ivlen, ckm_
aes_cbc); while ((ctextlen = pr_read(infile, ctext, sizeof(ctext))) > 0) { count += ctextlen; /* decrypt cipher text buffer using cbc and iv */ rv = decrypt(ctxenc, decbuf, &decbuflen, sizeof(decbuf), ctext, ctextlen); if (rv != secsuccess) { pr_fprintf(pr_stderr, "decrypt failure\n"); goto cleanup; } ...
...em from the header file */ rv = readfromheaderfile(headerfilename, iv, ivitem, pr_true); if (rv != secsuccess) { pr_fprintf(pr_stderr, "could not retrieve iv from cipher file\n"); goto cleanup; } rv = readfromheaderfile(headerfilename, symkey, wrappedenckeyitem, pr_true); if (rv != secsuccess) { pr_fprintf(pr_stderr, "could not retrieve wrapped
aes key from header file\n"); goto cleanup; } /* read in the mac key into item from the header file */ rv = readfromheaderfile(headerfilename, mackey, wrappedmackeyitem, pr_true); if (rv != secsuccess) { pr_fprintf(pr_stderr, "could not retrieve wrapped mac key from header file\n"); goto cleanup; } /* get the public key from header file */ ...
...And 9 more matches
Encrypt Decrypt_MAC_Using Token
/* nss headers */ #include #include /* our samples utilities */ #include "util.h" #define buffersize 80 #define digestsize 16 #define ptext_mac_buffer_size 96 #define ciphersize 96 #define blocksize 32 #define cipher_header "-----begin cipher-----" #define cipher_trailer "-----end cipher-----" #define enckey_header "-----begin
aeskey ckaid-----" #define enckey_trailer "-----end
aeskey ckaid-----" #define mackey_header "-----begin mackey ckaid-----" #define mackey_trailer "-----end mackey ckaid-----" #define iv_header "-----begin iv-----" #define iv_trailer "-----end iv-----" #define mac_header "-----begin mac-----" #define mac_trailer "-----end mac-----" #de...
... */ pk11context * cryptinit(pk11symkey *key, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type, ck_attribute_type operation) { secitem ivitem = { sibuffer, iv, ivlen }; pk11context *ctx = null; secitem *secparam = pk11_paramfromiv(ckm_
aes_cbc, &ivitem); if (secparam == null) { pr_fprintf(pr_stderr, "crypt failed : secparam null\n"); return null; } ctx = pk11_createcontextbysymkey(ckm_
aes_cbc, operation, key, secparam); if (ctx == null) { pr_fprintf(pr_stderr, "crypt failed : can't create a context\n"); goto cleanup; } cleanup: if (secparam) { secitem_freeitem(secpara...
... static unsigned int firsttime = 1; int j; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) { goto cleanup; } ctxenc = encryptinit(ek, iv, ivlen, ckm_
aes_cbc); /* read a buffer of plaintext from input file.
...And 9 more matches
NSS Sample Code Sample_3_Basic Encryption and MACing
ude <keyhi.h> #include <pk11priv.h> /* our samples utilities */ #include "util.h" #define buffersize 80 #define digestsize 16 #define ptext_mac_buffer_size 96 #define ciphersize 96 #define blocksize 32 #define cipher_header "-----begin cipher-----" #define cipher_trailer "-----end cipher-----" #define enckey_header "-----begin
aeskey ckaid-----" #define enckey_trailer "-----end
aeskey ckaid-----" #define mackey_header "-----begin mackey ckaid-----" #define mackey_trailer "-----end mackey ckaid-----" #define iv_header "-----begin iv-----" #define iv_trailer "-----end iv-----" #define mac_header "-----begin mac-----" #define mac_trailer "-----end mac-----" #de...
...intf(outfile, "%s\n\n", trailer); return secsuccess; } /* * initialize for encryption or decryption - common code */ pk11context * cryptinit(pk11symkey *key, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type, ck_attribute_type operation) { secitem ivitem = { sibuffer, iv, ivlen }; pk11context *ctx = null; secitem *secparam = pk11_paramfromiv(ckm_
aes_cbc, &ivitem); if (secparam == null) { pr_fprintf(pr_stderr, "crypt failed : secparam null\n"); return null; } ctx = pk11_createcontextbysymkey(ckm_
aes_cbc, operation, key, secparam); if (ctx == null) { pr_fprintf(pr_stderr, "crypt failed : can't create a context\n"); goto cleanup; } cleanup: if (secparam) { secitem_freeitem(secpara...
... static unsigned int firsttime = 1; int j; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) { goto cleanup; } ctxenc = encryptinit(ek, iv, ivlen, ckm_
aes_cbc); /* read a buffer of plaintext from input file */ while ((ptextlen = pr_read(infile, ptext, sizeof(ptext))) > 0) { /* encrypt using it using cbc, using previously created iv */ if (ptextlen != blocksize) { paddinglength = blocksize - ptextlen; for ( j=0; j < paddinglength; j++) { ptext[ptextlen+j] = (unsigned char)paddinglengt...
...And 9 more matches
EncDecMAC using token object - sample 3
ders */ #include #include #include #include #include #include #include /* nss headers */ #include #include /* our samples utilities */ #include "util.h" #define buffersize 80 #define digestsize 16 #define ptext_mac_buffer_size 96 #define ciphersize 96 #define blocksize 32 #define cipher_header "-----begin cipher-----" #define cipher_trailer "-----end cipher-----" #define enckey_header "-----begin
aeskey ckaid-----" #define enckey_trailer "-----end
aeskey ckaid-----" #define mackey_header "-----begin mackey ckaid-----" #define mackey_trailer "-----end mackey ckaid-----" #define iv_header "-----begin iv-----" #define iv_trailer "-----end iv-----" #define mac_header "-----begin mac-----" #define mac_trailer "-----end mac-----" #define pad_header "-----begin pad-----" #define pad_trailer "-----en...
...); printashex(outfile, buf, len); pr_fprintf(outfile, "%s\n\n", trailer); return secsuccess; } /* * initialize for encryption or decryption - common code */ pk11context * cryptinit(pk11symkey *key, unsigned char *iv, unsigned int ivlen, ck_mechanism_type type, ck_attribute_type operation) { secitem ivitem = { sibuffer, iv, ivlen }; pk11context *ctx = null; secitem *secparam = pk11_paramfromiv(ckm_
aes_cbc, &ivitem); if (secparam == null) { pr_fprintf(pr_stderr, "crypt failed : secparam null\n"); return null; } ctx = pk11_createcontextbysymkey(ckm_
aes_cbc, operation, key, secparam); if (ctx == null) { pr_fprintf(pr_stderr, "crypt failed : can't create a context\n"); goto cleanup; } cleanup: if (secparam) { secitem_freeitem(secparam, pr_true); } return ctx; } /* * common encryption and decryptio...
...null; unsigned int pad[1]; secitem paditem; unsigned int paddinglength; static unsigned int firsttime = 1; int j; ctxmac = pk11_createcontextbysymkey(ckm_md5_hmac, cka_sign, mk, &noparams); if (ctxmac == null) { pr_fprintf(pr_stderr, "can't create mac context\n"); rv = secfailure; goto cleanup; } rv = macinit(ctxmac); if (rv != secsuccess) { goto cleanup; } ctxenc = encryptinit(ek, iv, ivlen, ckm_
aes_cbc); /* read a buffer of plaintext from input file */ while ((ptextlen = pr_read(infile, ptext, sizeof(ptext))) > 0) { /* encrypt using it using cbc, using previously created iv */ if (ptextlen != blocksize) { paddinglength = blocksize - ptextlen; for ( j=0; j < paddinglength; j++) { ptext[ptextlen+j] = (unsigned char)paddinglength; } ptextlen = blocksize; } rv = encrypt(ctxenc, encbuf, &encbufl...
...And 9 more matches
JSS Provider Notes
cipher supported algorithms notes
aes des desede (des3 ) rc2 rc4 rsa the following modes and padding schemes are supported: algorithm mode padding des ecb nopadding cbc nop...
...adding pkcs5 padding desede des3 ecb nopadding cbc nopadding pkcs5 padding
aes ecb nopadding cbc nopadding pkcs5 padding rc4 none none rc2 cbc nopadding pkcs5padding the securerandom argument passed to initsign() a...
... keygenerator supported algorithms notes
aes des desede (des3 ) rc4 the securerandom argument passed to init() is ignored, because nss does not support specifying an external source of randomness.
...And 5 more matches
Mozilla-JSS JCA Provider notes
dsakpg.initialize(1024); keypair dsapair = dsakpg.generatekeypair(); supported classes cipher dsaprivatekey dsapublickey keyfactory keygenerator keypairgenerator mac messagedigest rsaprivatekey rsapublickey secretkeyfactory secretkey securerandom signature cipher supported algorithms notes
aes des desede (des3) rc2 rc4 rsa the following modes and padding schemes are supported: algorithm mode padding des ecb nopadding cbc nopadding pkcs5 padding desede des3 ecb nopadding cbc nopadding ...
... pkcs5 padding
aes ecb nopadding cbc nopadding pkcs5 padding rc4 none none rc2 cbc nopadding pkcs5padding the securerandom argument passed to initsign() and initverify() is ignored, because nss does not support specifying an external source of randomness.
... keygenerator supported algorithms notes
aes des desede (des3) rc4 the securerandom argument passed to init() is ignored, because nss does not support specifying an external source of randomness.
...And 4 more matches
SubtleCrypto.decrypt() - Web APIs
to use
aes-ctr, pass an
aesctrparams object.
... to use
aes-cbc, pass an
aescbcparams object.
... to use
aes-gcm, pass an
aesgcmparams object.
...And 4 more matches
Index
194 nss tech note5 note:
aes encryption, a fixed blocksize of 16 bytes is used.
... the rijndael algorithm permits 3 blocksizes (16, 24, 32 bytes), but the
aes standard requires the blocksize to be 16 bytes.
... modutil supports several mechanisms: rsa, dsa, rc2, rc4, rc5,
aes, des, dh, sha1, sha256, sha512, ssl, tls, md5, md2, random (for random number generation), and friendly (meaning certificates are publicly readable).
...And 3 more matches
sslfnc.html
factory settings for all are enabled): ssl_en_rc4_128_with_md5 ssl_en_rc4_128_export40_with_md5 ssl_en_rc2_128_cbc_with_md5 ssl_en_rc2_128_cbc_export40_with_md5 ssl_en_des_64_cbc_with_md5 ssl_en_des_192_ede3_cbc_with_md5 or one of the following values for ssl3/tls (unless indicated otherwise, factory settings for all are enabled): tls_dhe_rsa_with_
aes_256_cbc_sha (not enabled by default; client side only) tls_dhe_dss_with_
aes_256_cbc_sha (not enabled by default; client side only) tls_rsa_with_
aes_256_cbc_sha (not enabled by default) ssl_fortezza_dms_with_rc4_128_sha tls_dhe_dss_with_rc4_128_sha (not enabled by default; client side only) tls_dhe_rsa_with_
aes_128_cbc_sha (not enabled by default; client side only) tl...
...s_dhe_dss_with_
aes_128_cbc_sha (not enabled by default; client side only) ssl_rsa_with_rc4_128_md5 ssl_rsa_with_rc4_128_sha (not enabled by default) tls_rsa_with_
aes_128_cbc_sha (not enabled by default) ssl_dhe_rsa_with_3des_ede_cbc_sha (not enabled by default; client side only) ssl_dhe_dss_with_3des_ede_cbc_sha (not enabled by default; client side only) ssl_rsa_fips_with_3des_ede_cbc_sha ssl_rsa_with_3des_ede_cbc_sha ssl_fortezza_dms_with_fortezza_cbc_sha ssl_dhe_rsa_with_des_cbc_sha (not enabled by default; client side only) ssl_dhe_dss_with_des_cbc_sha (not enabled by default; client side only) ssl_rsa_fips_with_des_cbc_sha ssl_rsa_with_des_cbc_sha tls_rsa_export1024_with_rc4_56_sha tls_rsa_export1024_with_des_cbc_sha ...
... values for ssl2 (all are disallowed by default): ssl_en_rc4_128_with_md5 ssl_en_rc4_128_export40_with_md5 ssl_en_rc2_128_cbc_with_md5 ssl_en_rc2_128_cbc_export40_with_md5 ssl_en_des_64_cbc_with_md5 ssl_en_des_192_ede3_cbc_with_md5 values for ssl3/tls (all are disallowed by default): tls_dhe_rsa_with_
aes_256_cbc_sha (client side only) tls_dhe_dss_with_
aes_256_cbc_sha (client side only) tls_rsa_with_
aes_256_cbc_sha ssl_fortezza_dms_with_rc4_128_sha tls_dhe_dss_with_rc4_128_sha (client side only) tls_dhe_rsa_with_
aes_128_cbc_sha (client side only) tls_dhe_dss_with_
aes_128_cbc_sha (client side only) ssl_rsa_with_rc4_128_md5 ssl_rsa_with_rc4_128_sha tls_rs...
...And 3 more matches
SubtleCrypto.importKey() - Web APIs
for
aes-ctr,
aes-cbc,
aes-gcm, or
aes-kw: pass the string identifying the algorithm or an object of the form { "name": algorithm }, where algorithm is the name of the algorithm.
... raw you can use this format to import or export
aes or hmac secret keys, or elliptic curve public keys.
... json web key you can use json web key format to import or export rsa or elliptic curve public or private keys, as well as
aes and hmac secret keys.
...And 3 more matches
NSS Sample Code Sample1
this program shows the following: rsa key pair generation naming rsa key pairs looking up a previously generated key pair by name creating
aes and mac keys (or encryption and mac keys in general) wrapping symmetric keys using your own rsa key pair so that they can be stored on disk or in a database.
... this key // may be used for an encryption mechanism (des or
aes) or for // integrity (md5_hmac or sha1_hmac).
...in particular, this // creates the key pair that is used for wrapping keys int init(); // generates keys for encryption (
aes) and macing.
...And 2 more matches
Python binding for NSS
`pip wheel -w dist .` the following constants were added: ssl.tls_
aes_128_gcm_sha256 ssl.tls_
aes_256_gcm_sha384 ssl.tls_chacha20_poly1305_sha256 release 1.0.0 release date 2016-09-01 scm tag pynss_release_1_0_0 source download https://ftp.mozilla.org/pub/mozilla.org/security/python-nss/releases/pynss_release_1_0_0/src/ change log official 1.0.0 release, only minor tweak...
...es/ssl_version_range.py the following constants were added: nss.certdb_terminal_record nss.certdb_valid_peer nss.certdb_trusted nss.certdb_send_warn nss.certdb_valid_ca nss.certdb_trusted_ca nss.certdb_ns_trusted_ca nss.certdb_user nss.certdb_trusted_client_ca nss.certdb_govt_approved_ca ssl.srtp_
aes128_cm_hmac_sha1_32 ssl.srtp_
aes128_cm_hmac_sha1_80 ssl.srtp_null_hmac_sha1_32 ssl.srtp_null_hmac_sha1_80 ssl.ssl_ck_des_192_ede3_cbc_with_md5 ssl.ssl_ck_des_64_cbc_with_md5 ssl.ssl_ck_idea_128_cbc_with_md5 ssl.ssl_ck_rc2_128_cbc_export40_with_md5 ssl.ssl_ck_rc2_128_cbc_with_md5 ssl.ssl_ck_rc4_128_export40_with_md5 ssl.ssl_ck_rc...
...4_128_with_md5 ssl.ssl_fortezza_dms_with_fortezza_cbc_sha ssl.ssl_fortezza_dms_with_null_sha ssl.ssl_fortezza_dms_with_rc4_128_sha ssl.ssl_rsa_oldfips_with_3des_ede_cbc_sha ssl.ssl_rsa_oldfips_with_des_cbc_sha ssl.tls_dhe_dss_export_with_des40_cbc_sha ssl.tls_dhe_dss_with_3des_ede_cbc_sha ssl.tls_dhe_dss_with_
aes_128_gcm_sha256 ssl.tls_dhe_dss_with_camellia_128_cbc_sha ssl.tls_dhe_dss_with_camellia_256_cbc_sha ssl.tls_dhe_dss_with_des_cbc_sha ssl.tls_dhe_rsa_export_with_des40_cbc_sha ssl.tls_dhe_rsa_with_3des_ede_cbc_sha ssl.tls_dhe_rsa_with_
aes_128_cbc_sha256 ssl.tls_dhe_rsa_with_
aes_128_gcm_sha256 ssl.tls_dhe_rsa_with_
aes_256_cbc_sha256 ssl.tls_dhe_rsa_with_camellia_128_cbc...
...And 2 more matches
SubtleCrypto.deriveKey() - Web APIs
for
aes-ctr,
aes-cbc,
aes-gcm, or
aes-kw: pass an
aeskeygenparams object.
...they then use derivekey() to derive a shared
aes key, that they could use to encrypt messages.
... /* derive an
aes key, given: - our ecdh private key - their ecdh public key */ function derivesecretkey(privatekey, publickey) { return window.crypto.subtle.derivekey( { name: "ecdh", public: publickey }, privatekey, { name: "
aes-gcm", length: 256 }, false, ["encrypt", "decrypt"] ); } async function agreesharedsecretkey() { // generate 2 ecdh key pairs: one for alice and one for bob // in more normal usage, they would generate their key pairs // separately and exchange public keys securely let aliceskeypair = await window.crypto.subtle.generatekey( { name: "ecdh", namedcurve: "p-384" }, false, ["derivekey"] ); let bobskeypair = await window.crypto.subtle.generat...
...And 2 more matches
NSS_3.12_release_notes.html
top_testing_on_fresh_info cert_rev_m_continue_testing_on_fresh_info cert_rev_mi_test_each_method_separately cert_rev_mi_test_all_local_information_first cert_rev_mi_no_overall_info_requirement cert_rev_mi_require_some_fresh_info_available cert_policy_flag_no_mapping cert_policy_flag_explicit cert_policy_flag_no_any cert_enable_ldap_fetch cert_enable_http_fetch new macro in utilrename.h: smime_
aes_cbc_128 the nssckbi pkcs #11 module's version changed to 1.70.
...c_error_ocsp_responder_cert_invalid sec_error_ocsp_bad_signature sec_error_out_of_search_limits sec_error_invalid_policy_mapping sec_error_policy_validation_failed sec_error_unknown_aia_location_type sec_error_bad_http_response sec_error_bad_ldap_response sec_error_failed_to_encode_data sec_error_bad_info_access_location sec_error_libpkix_internal new mechanism flags (see secmod.h) public_mech_
aes_flag public_mech_sha256_flag public_mech_sha512_flag public_mech_camellia_flag new oids (see secoidt.h) new ec signature oids sec_oid_ansix962_ecdsa_signature_recommended_digest sec_oid_ansix962_ecdsa_signature_specified_digest sec_oid_ansix962_ecdsa_sha224_signature sec_oid_ansix962_ecdsa_sha256_signature sec_oid_ansix962_ecdsa_sha384_signature sec_oid_ansix962_ecdsa_sha512_signature more i...
... tls cipher suites are declared but are not yet implemented: tls_dh_dss_with_camellia_128_cbc_sha tls_dh_rsa_with_camellia_128_cbc_sha tls_dh_anon_with_camellia_128_cbc_sha tls_dh_dss_with_camellia_256_cbc_sha tls_dh_rsa_with_camellia_256_cbc_sha tls_dh_anon_with_camellia_256_cbc_sha tls_ecdh_anon_with_null_sha tls_ecdh_anon_with_rc4_128_sha tls_ecdh_anon_with_3des_ede_cbc_sha tls_ecdh_anon_with_
aes_128_cbc_sha tls_ecdh_anon_with_
aes_256_cbc_sha bugs fixed the following bugs have been fixed in nss 3.12.
...mple bug 335019: pk12util takes friendly name from key, not cert bug 339173: mem leak whenever secmod_handle_string_arg called in loop bug 353904: klocwork null ptr deref in secasn1d.c bug 366390: correct misleading function names in fipstest bug 370536: memory leaks in pointer tracker code in debug builds only bug 372242: cert_comparerdn uses incorrect algorithm bug 379753: s/mime should support
aes bug 381375: ocspclnt doesn't work on windows bug 398693: der_asciitotime produces incorrect output for dates 1950-1970 bug 420212: empty cert dns handled badly, display as !invalid ava!
NSS 3.14.2 release notes
the release is available for download from https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_14_2_rtm/src/ for the primary nss documentation pages please visit /docs/nss new in nss 3.14.2 nss will now make use of the intel
aes-ni and avx instruction sets for hardware-accelerated
aes-gcm on 64-bit linux systems.
... new types: in certt.h cert_pi_useonlytrustanchors in secoidt.h sec_oid_ms_ext_key_usage_ctl_signing notable changes in nss 3.14.2 bug 805604 - support for
aes-ni and avx accelerated
aes-gcm was contributed by shay gueron of intel.
... if compiled on linux systems in 64-bit mode, nss will include runtime detection to check if the platform supports
aes-ni and pclmulqdq.
... bug 373108 - fixed a bug where, under certain circumstances, when applications supplied invalid/out-of-bounds parameters for
aes encryption, a double free may occur.
NSS 3.14 release notes
introduction the nss team has released network security services (nss) 3.14, which is a minor release with the following new features: support for tls 1.1 (rfc 4346) experimental support for dtls 1.0 (rfc 4347) and dtls-srtp (rfc 5764) support for
aes-ctr,
aes-cts, and
aes-gcm support for keying material exporters for tls (rfc 5705) in addition to the above new features, the following major changes have been introduced: support for certificate signatures using the md5 hash algorithm is now disabled by default.
...non-ecc
aes and triple des cipher suites are enabled by default.
... the following functions have been added to the libssl library included in nss 3.14: dtls_importfd (in ssl.h) dtls_gethandshaketimeout (in ssl.h) ssl_getsrtpcipher (in ssl.h) ssl_setrtpciphers (in ssl.h) support for
aes-gcm support for
aes-gcm has been added to the nss pkcs #11 module (softoken), based upon the draft 7 of pkcs #11 v2.30.
... the following types have been added in nss 3.14 certchainverifycallback (in certt.h) certchainverifycallbackfunc (in certt.h) cert_pi_chainverifycallback, a new option for certvalparamintype (in certt.h) a new error code: sec_error_application_callback_error (in secerr.h) new for pkcs #11 pkcs #11 mechanisms: ckm_
aes_cts ckm_
aes_ctr ckm_
aes_gcm (see warnings against using c_encryptupdate/c_decryptupdate above) ckm_sha224_key_derivation ckm_sha256_key_derivation ckm_sha384_key_derivation ckm_sha512_key_derivation changes in nss 3.14 bug 333601 - performance enhancements for intel macs when building for intel macs, nss will now take adv...
nsISyncJPAKE
1.0 66 introduced gecko 2.0 inherits from: nsisupports last changed in gecko 2.0 (firefox 4 / thunderbird 3.3 / seamonkey 2.1) method overview void final(in acstring ab, in acstring agvb, in acstring arb, in acstring ahkdfinfo, out acstring a
aes256key, out acstring ahmac256key); void round1(in acstring asignerid, out acstring agx1, out acstring agv1, out acstring ar1, out acstring agx2, out acstring agv2, out acstring ar2); void round2(in acstring apeerid, in acstring apin, in acstring agx3, in acstring agv3, in acstring ar3, in acstring agx4, in acstring agv4, in acstring ar4, out acstring aa, out acstring agva, out acstring ara); methods final() perform the ...
...this will compute the key and expand the key to two keys, an
aes256 encryption key and a 256 bit hmac key.
...void final( in acstring ab, in acstring agvb, in acstring arb, in acstring ahkdfinfo, out acstring a
aes256key, out acstring ahmac256key ); parameters ab schnorr signature value b, in hex representation.
...ahkdfinfo missing description a
aes256key the
aes 256 encryption key, in base64 representation.
Index - Web APIs
42
aescbcparams api,
aescbcparams, dictionary, reference, web crypto api the
aescbcparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the
aes-cbc algorithm.
... 43
aesctrparams api,
aesctrparams, dictionary, reference, web crypto api the
aesctrparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the
aes-ctr algorithm.
... 44
aesgcmparams api,
aesgcmparams, dictionary, reference, web crypto api the
aesgcmparams dictionary of the web crypto api represents the object that should be passed as the algorithm parameter into subtlecrypto.encrypt(), subtlecrypto.decrypt(), subtlecrypto.wrapkey(), or subtlecrypto.unwrapkey(), when using the
aes-gcm algorithm.
... 45
aeskeygenparams api,
aeskeygenparams, dictionary, reference, web crypto api see the examples for subtlecrypto.generatekey().
SSL and TLS - Archive of obsolete content
supported cipher suites for rsa cipher suites with the rsa key exchange that are commonly supported include the following:
aes and sha message authentication.
... advanced encryption standard (
aes) ciphers have a fixed block size of 128-bits, and the keys can be either 128-bit or 256-bit.
...there are more possible keys than any other cipher, making
aes the strongest cipher supported by ssl.
How do you host your website on Google App Engine? - Learn web development
for this tutorial, the following values are used: project name: gae sample site project id: g
aesamplesite click the create button to create your project.
... run the following in the command line to select your project: gcloud config set project g
aesamplesite then run the following command to go to your app's directory: cd sample-app you are now ready to deploy your application, i.e.
...for example, for the project id g
aesamplesite, go to g
aesamplesite.appspot.com.
NSS 3.15.2 release notes
new in nss 3.15.2 new functionality
aes-gcm ciphersuites:
aes-gcm cipher suite (rfc 5288 and rfc 5289) support has been added when tls 1.2 is negotiated.
... specifically, the following cipher suites are now supported: tls_ecdhe_ecdsa_with_
aes_128_gcm_sha256 tls_ecdhe_rsa_with_
aes_128_gcm_sha256 tls_dhe_rsa_with_
aes_128_gcm_sha256 tls_rsa_with_
aes_128_gcm_sha256 new functions pk11_cipherfinal has been introduced, which is a simple alias for pk11_digestfinal.
...new pkcs #11 mechanisms no new pkcs#11 mechanisms have been introduced notable changes in nss 3.15.2 bug 880543 - support for
aes-gcm ciphersuites that use the sha-256 prf bug 663313 - md2, md4, and md5 signatures are no longer accepted for ocsp or crls, consistent with their handling for general certificate signatures.
NSS 3.15 release notes
this is necessary for
aes-gcm.
...this is necessary for
aes-gcm.
... bug 853285: fixed bugs in
aes gcm.
NSS 3.47 release notes
notable changes in nss 3.47 bug 1152625 - support
aes hw acceleration on armv8 bug 1267894 - allow per-socket run-time ordering of the cipher suites presented in clienthello bug 1570501 - add cmac to freebl and pkcs #11 libraries bugs fixed in nss 3.47 bug 1459141 - make softoken cbc padding removal constant time bug 1589120 - more cbc padding tests bug 1465613 - add ability to distrust certificates issued after a certain date for a specifi...
...ed root cert bug 1588557 - bad debug statement in tls13con.c bug 1579060 - mozilla::pkix tag definitions for issueruniqueid and subjectuniqueid shouldn't have the constructed bit set bug 1583068 - nss 3.47 should pick up fix from bug 1575821 (nspr 4.23) bug 1152625 - support
aes hw acceleration on armv8 bug 1549225 - disable dsa signature schemes for tls 1.3 bug 1586947 - pk11_importandreturnprivatekey does not store nickname for ec keys bug 1586456 - unnecessary conditional in pki3hack, pk11load and stanpcertdb bug 1576307 - check mechanism param and param length before casting to mechanism-specific structs bug 1577953 - support longer (up to rfc maximum) hkdf outputs bug 1508776 - remove refcounting from sftk_freesession (cve-2019-11756) bug 1494063 - support tls exporter in tstc...
...lnt and selfserv bug 1581024 - heap overflow in nss utility "derdump" bug 1582343 - soft token mac verification not constant time bug 1578238 - handle invald tag sizes for ckm_
aes_gcm bug 1576295 - check all bounds when encrypting with seed_cbc bug 1580286 - nss rejects tls 1.2 records with large padding with sha384 hmac bug 1577448 - create additional nested s/mime test messages for thunderbird bug 1399095 - allow nss-try to be used to test nspr changes bug 1267894 - libssl should allow selecting the order of cipher suites in clienthello bug 1581507 - fix unportable grep expression in test scripts bug 1234830 - [cid 1242894][cid 1242852] unused values bug 1580126 - fix build failure on aarch64_be while building freebl/gcm bug 1385039 - build nspr tests as part of nss continuous i...
nss tech note5
when all done with encrypt/decrypt ops, clean up</big> <big>pk11_freesymkey(symkey); secitem_freeitem(secparam, pr_true); pk11_freeslot(slot);</big> note:
aes encryption, a fixed blocksize of 16 bytes is used.
... the rijndael algorithm permits 3 blocksizes (16, 24, 32 bytes), but the
aes standard requires the blocksize to be 16 bytes.
... secstatus rv = pk11_extractkeyvalue(symkey); secitem *keydata = pk11_getkeydata(symkey); generating a persistent symmetric key secitem keyid; ck_mechanism_type ciphermech = ckm_
aes_cbc_pad; keyid.data = /* ptr to an array of bytes representing the id of the key to be generated */; keyid.len = /* length of the array of bytes */; /* keysize must be 0 for fixed key-length algorithms like des...
PKCS11 FAQ
generic crypto svcs are the services that nss uses to do its basic cryptography (rsa encryption with public keys, hashing,
aes, des, rc4, rc2, and so on).other pkcs #11 modules can supply implementations of these functions, and nss uses those versions under certain conditions.
... if i have a multipurpose token that supports all required pkcs #11 functions and provides rsa_pkcs and dsa mechanisms but but not
aes, des or rc4, will nss use the token for the rsa_pkcs mechanisms and the nss internal pkcs #11 module for
aes, des or rc4 when making an ssl connection?
...symmetric operations supported by nss include the following: ckm_
aes_xxx, ckm_des3_xxx, ckm_des_xxx, ckm_rc2_xxx, and ckm_rc4_xxx.
NSS tools : modutil
modutil supports several mechanisms: rsa, dsa, rc2, rc4, rc5,
aes, des, dh, sha1, sha256, sha512, ssl, tls, md5, md2, random (for random number generation), and friendly (meaning certificates are publicly readable).
...cs #11 module" -dbdir sql:/home/my/sharednssdb ----------------------------------------------------------- name: nss internal pkcs #11 module library file: **internal only module** manufacturer: mozilla foundation description: nss internal crypto services pkcs #11 version 2.20 library version: 3.11 cipher enable flags: none default mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:
aes slot: nss internal cryptographic services slot mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:
aes manufacturer: mozilla foundation type: software version number: 3.11 firmware version: 0.0 status: enabled token name: nss generic crypto services token manufacturer: mozilla foundation token model: nss 3 token serial number: 0000000000000000 token version: 4.0 token firmware v...
...certprefix= keyprefix= secmod=secmod.db flags=readonly " nss="trustorder=75 cipherorder=100 slotparams={0x00000001=[slotflags=rsa,rc4,rc2,des,dh,sha1,md5,md2,ssl,tls,
aes,random askpw=any timeout=30 ] } flags=internal,critical" setting a default provider for security mechanisms multiple security modules may provide support for the same security mechanisms.
NSS_3.12.3_release_notes.html
rust flags not being honored in cert_verifycert bug 469583: coverity: uninitialized variable used in sec_pkcs5createalgorithmid bug 469944: when built with microsoft compilers bug 470351: crlutil build fails on windows because it calls undeclared isatty bug 471539: stop honoring digital signatures in certificates and crls based on weak hashes bug 471665: nss reports incorrect sizes for (
aes) symmetric keys bug 471715: add cert to nssckbi to override rogue md5-collision ca cert bug 472291: crash in libpkix object leak tests due to null pointer dereferencing in pkix_build.c:3218.
... bug 472749: softoken permits
aes keys of any length to be created bug 473147: pk11mode tests fails on aix when using shareable dbs.
... bug 484425: need accessor function to retrieve symkey handle bug 484466: sec_error_invalid_args with nss_enable_pkix_verify=1 bug 485127: bltest crashes when attempting rc5_cbc or rc5_ecb bug 485140: wrong command line flags used to build intel-
aes.s with solaris gas for x86_64 bug 485370: crash bug 485713: files added by red hat recently have missing texts in license headers.
NSS tools : modutil
modutil supports several mechanisms: rsa, dsa, rc2, rc4, rc5,
aes, des, dh, sha1, sha256, sha512, ssl, tls, md5, md2, random (for random number generation), and friendly (meaning certificates are publicly readable).
...s #11 module" -dbdir sql:/home/my/sharednssdb ----------------------------------------------------------- name: nss internal pkcs #11 module library file: **internal only module** manufacturer: mozilla foundation description: nss internal crypto services pkcs #11 version 2.20 library version: 3.11 cipher enable flags: none default mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:
aes slot: nss internal cryptographic services slot mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:
aes manufacturer: mozilla foundation type: software version number: 3.11 firmware version: 0.0 status: enabled token name: nss generic crypto services token manufacturer: mozilla foundation token model: nss 3 token serial number: 0000000000000000 token versi...
...certprefix= keyprefix= secmod=secmod.db flags=readonly " nss="trustorder=75 cipherorder=100 slotparams={0x00000001=[slotflags=rsa,rc4,rc2,des,dh,sha1,md5,md2,ssl,tls,
aes,random askpw=any timeout=30 ] } flags=internal,critical" setting a default provider for security mechanisms multiple security modules may provide support for the same security mechanisms.
mozIStorageStatement
inalize(); mozistoragestatement clone(); autf8string getparametername(in unsigned long aparamindex); unsigned long getparameterindex(in autf8string aname); autf8string getcolumnname(in unsigned long acolumnindex); unsigned long getcolumnindex(in autf8string aname); void reset(); astring escapestringforlike(in astring avalue, in wchar
aescapechar); void bindparameters(in mozistoragebindingparamsarray aparameters); mozistoragebindingparamsarray newbindingparamsarray(); void bindutf8stringparameter(in unsigned long aparamindex, in autf8string avalue); void bindstringparameter(in unsigned long aparamindex, in astring avalue); void binddoubleparameter(in unsigned long aparamindex, in doub...
... astring escapestringforlike( in astring avalue, in wchar
aescapechar ); parameters avalue string to escape for sql like.
...
aescapechar the escape character to use.
Element.scrollHeight - Web APIs
pr
aesent molestie, dolor ut eleifend aliquam, mi ligula ultrices sapien, quis cursus neque dui nec risus.
...pr
aesent dictum ipsum aliquet erat eleifend sit amet sollicitudin felis tempus.
...pr
aesent sem sem, aliquet non faucibus vitae, iaculis nec elit.
SubtleCrypto.generateKey() - Web APIs
for
aes-ctr,
aes-cbc,
aes-gcm, or
aes-kw: pass an
aeskeygenparams object.
... let key = window.crypto.subtle.generatekey( { name: "hmac", hash: {name: "sha-512"} }, true, ["sign", "verify"] );
aes key generation this code generates an
aes-gcm encryption key.
... let key = window.crypto.subtle.generatekey( { name: "
aes-gcm", length: 256 }, true, ["encrypt", "decrypt"] ); specifications specification status comment web cryptography apithe definition of 'subtlecrypto.generatekey()' in that specification.
WindowOrWorkerGlobalScope.setInterval() - Web APIs
pr
aesent scelerisque urna vitae nibh tristique varius consequat neque luctus.
...pr
aesent vitae eros erat, pulvinar laoreet magna.
...pr
aesent bibstartum condimentum feugiat.</p> <p>nam faucibus, ligula eu fringilla pulvinar, lectus tellus iaculis nunc, vitae scelerisque metus leo non metus.
Using Recursive Templates - Archive of obsolete content
for example, using this xml datasource: <people> <group name="male"> <person name="napoleon bonaparte"/> <person name="julius c
aesar"/> <person name="ferdinand magellan"/> </group> <group name="female"> <person name="cleopatra"/> <person name="laura secord"/> </group> </people> we could display this data in a flat list by using the right query: <query expr="group/person/"> or, we could display one level for the two groups, and use another level for each person.
... <vbox id="row2" container="true" empty="false" class="indent"> <label value="male"/> <vbox id="row4" class="indent"><label value="napoleon bonaparte"/></vbox> <vbox id="row5" class="indent"><label value="julius c
aesar"/></vbox> <vbox id="row6" class="indent"><label value="ferdinand magellan"/></vbox> </vbox> <vbox id="row3" container="true" empty="false" class="indent"> <label value="female"/> <vbox id="row7" class="indent"><label value="cleopatra"/></vbox> <vbox id="row8" class="indent"><label value="laura secord"/></vbox> </vbox> </groupbox> note how similar content corresponding to ...
XML Templates - Archive of obsolete content
for this and the following examples, we are going to use the following xml document containing a list of people: <people> <person name="napoleon bonaparte" gender="male"/> <person name="cleopatra" gender="female"/> <person name="julius c
aesar" gender="male"/> <person name="ferdinand magellan" gender="male"/> <person name="laura secord" gender="female"/> </people> xml query syntax the query syntax is fairly simple for xml datasources.
... <people id="famouspeople" xmlns=""> <person name="napoleon bonaparte" gender="male"/> <person name="cleopatra" gender="female"/> <person name="julius c
aesar" gender="male"/> <person name="ferdinand magellan" gender="male"/> <person name="laura secord" gender="female"/> </people> <listbox datasources="#famouspeople" ref="*" querytype="xml"> <template> <query expr="person"/> <action> <listitem uri="?" label="?name"/> </action> </template> </listbox> here, an anchor reference, starting with a number sign (#) is used for the...
FIPS Mode - an explanation
it must implement the us government standard algorithms (also specified in other fips documents) such as
aes, triple-des, sha-1 and sha-256, that are needed to do whatever job the application wants it to perform.
... firefox can only use the latest version of ssl, known as "tls", and not the older ssl 2 or ssl 3.0 protocols, and firefox can only talk to those servers that use fips standard encryption algorithms such as
aes or triple-des.
NSS 3.15.1 release notes
aes gcm cipher suites are not yet supported.
... tls_dhe_rsa_with_
aes_256_cbc_sha256, tls_rsa_with_
aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_
aes_128_cbc_sha256, tls_ecdhe_rsa_with_
aes_128_cbc_sha256, tls_dhe_rsa_with_
aes_128_cbc_sha256, tls_rsa_with_
aes_128_cbc_sha256, tls_rsa_with_null_sha256 - new tls 1.2 only hmac-sha256 cipher suites.
NSS 3.30 release notes
new macros in ciferfam.h pkcs12_
aes_cbc_128, pkcs12_
aes_cbc_192, pkcs12_
aes_cbc_256 - cipher family identifiers corresponding to the pkcs#5 v2.1
aes based encryption schemes used in the pkcs#12 support in nss in pkcs11n.h cka_nss_mozilla_ca_policy - identifier for a boolean pkcs#11 attribute, that should be set to true, if a ca is present because of it's acceptance according to the mozilla ca policy notable chang...
... the pk12util tool now supports importing and exporting data encrypted in the
aes based schemes defined in pkcs#5 v2.1.
NSS 3.46 release notes
of particular note are significant improvements to
aes-gcm performance on arm.
...fails bug 1539788 - add length checks for cryptographic primitives (cve-2019-17006) bug 1542077 - mp_set_ulong and mp_set_int should return errors on bad values bug 1572791 - read out-of-bounds in der_decodetimechoice_util from sslexp_delegatecredential bug 1560593 - cleanup.sh script does not set error exit code for tests that "failed with core" bug 1566601 - add wycheproof test vectors for
aes-kw bug 1571316 - curve25519_32.c:280: undefined reference to `pr_assert' when building nss 3.45 on armhf-linux bug 1516593 - client to generate new random during renegotiation bug 1563258 - fips.sh fails due to non-existent "resp" directories bug 1561598 - remove -wmaybe-uninitialized warning in pqg.c bug 1560806 - increase softoken password max size to 500 characters bug 1568776 - output p...
NSS 3.51 release notes
bug 1611209 - correct swapped pkcs11 values of ckm_
aes_cmac and ckm_
aes_cmac_general bug 1612259 - complete integration of wycheproof ecdh test cases bug 1614183 - check if ppc __has_include(<sys/auxv.h>) bug 1614786 - fix a compilation error for ‘getfipsenv’ "defined but not used" bug 1615208 - send dtls version numbers in dtls 1.3 supported_versions extension to avoid an incompatibility.
... 1609751 - add test for mp_int clamping bug 1582169 - don't attempt to read the fips_enabled flag on the machine unless nss was built with fips enabled bug 1431940 - fix a null pointer dereference in blake2b_update bug 1617387 - fix compiler warning in secsign.c bug 1618400 - fix a openbsd/arm64 compilation error: unused variable 'getauxval' bug 1610687 - fix a crash on unaligned cmaccontext.
aes.keyschedule when using
aes-ni intrinsics this bugzilla query returns all the bugs fixed in nss 3.51: https://bugzilla.mozilla.org/buglist.cgi?resolution=fixed&classification=components&query_format=advanced&product=nss&target_milestone=3.51 compatibility nss 3.51 shared libraries are backward compatible with all older nss 3.x shared libraries.
NSS 3.52 release notes
bug 1623374 - support new pkcs #11 v3.0 message interface for
aes-gcm and chachapoly.
... bug 1623374 - support new pkcs #11 v3.0 message interface for
aes-gcm and chachapoly.
NSS Config Options
ash2:rsa-1024..." only the specified hashes and curves will be allowed: config="disallow=all allow=sha1:sha256:secp256r1:secp384r1" only the specified hashes and curves will be allowed, and rsa keys of 2048 or more will be accepted, and dh key exchange with 1024-bit primes or more: config="disallow=all allow=sha1:sha256:secp256r1:secp384r1:min-rsa=2048:min-dh=1024" a policy that enables the
aes ciphersuites and the secp256/384 curves: config="allow=
aes128-cbc:
aes128-gcm::hmac-sha1:sha1:sha256:sha384:rsa:ecdhe-rsa:secp256r1:secp384r1" turn off md5 config="disallow=md5" turn off md5 and sha1 only for ssl config="disallow=md5(ssl):sha1(ssl)" disallow values are parsed first, and then allow values, independent of the order in which they appear.
...1 c2pnb304w1 c2tnb359v1 c2pnb368w1 c2tnb431r1 sect113r1 sect131r1 sect131r1 sect131r2 sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 hashes md2 md4 md5 sha1 sha224 sha256 sha384 sha512 macs hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmac-md5 ciphers
aes128-cbc
aes192-cbc
aes256-cbc
aes128-gcm
aes192-gcm
aes256-gcm camellia128-cbc camellia192-cbc camellia256-cbc seed-cbc des-ede3-cbc des-40-cbc des-cbc null-cipher rc2 rc4 idea ssl key exchanges rsa rsa-export dhe-rsa dhe-dss dh-rsa dh-dss ecdhe-ecdsa ecdhe-rsa ecdh-ecdsa ecdh-rsa restrictions for asymmetric keys (integers) rsa-min dh-min dsa-min constraints on ssl ...
NSS Sample Code sample6
fresh db, * should fail on successive runs because key with that id already exists */ genkey(2); /* generate a key with id 1 - this will fail because key with that id * already exists */ genkey(1); } void genkey(int id) { pk11slotinfo* slot = null; pk11symkey* key = null; secitem keyiditem; int keyid[1]; ck_mechanism_type ciphermech; /* using ckm_
aes_cbc_pad mechanism for example */ ciphermech = ckm_
aes_cbc_pad; slot = pk11_getinternalkeyslot(); /* slot = pk11_getbestslot(ciphermech, null); didn't work.
... * since we're using
aes in this example, we're specifying * one of the valid keysizes (16, 24, 32) */ key = pk11_tokenkeygen(slot, ciphermech, 0, 32 /*keysize*/, &keyiditem, pr_true, 0); if (key == null) { fprintf(stderr, "pk11_tokenkeygen failed (err %d)\n", pr_geterror()); pk11_freeslot(slot); return; } fprintf(stderr, "key length of generated key i...
FIPS mode of operation
fc_createobject fc_copyobject fc_destroyobject fc_getobjectsize fc_getattributevalue fc_setattributevalue fc_findobjectsinit fc_findobjects fc_findobjectsfinal encryption functions these functions support triple des and
aes in ecb and cbc modes.
... fc_encryptinit fc_encrypt fc_encryptupdate fc_encryptfinal decryption functions these functions support triple des and
aes in ecb and cbc modes.
HTMLTextAreaElement - Web APIs
pr
aesent tristique commodo lorem quis fringilla.
...pr
aesent sagittis, est eget bibendum tincidunt, ligula diam tincidunt augue, a fermentum odio velit eget mi.
SubtleCrypto.exportKey() - Web APIs
raw export this example exports an
aes key as an arraybuffer containing the bytes for the key.
...*/ window.crypto.subtle.generatekey( { name: "
aes-gcm", length: 256, }, true, ["encrypt", "decrypt"] ).then((key) => { const exportbutton = document.queryselector(".raw"); exportbutton.addeventlistener("click", () => { exportcryptokey(key); }); }); pkcs #8 export this example exports an rsa private signing key as a pkcs #8 object.
Namespaces - Archive of obsolete content
for example using the following xml document containing a list of people: <people xmlns="www.example.com/people"> <person name="napoleon bonaparte" gender="male"/> <person name="cleopatra" gender="female"/> <person name="julius c
aesar" gender="male"/> <person name="ferdinand magellan" gender="male"/> <person name="laura secord" gender="female"/> </people> <listbox datasources="people.xml" ref="*" querytype="xml"> <template xmlns:ns="www.example.com/people"> <query expr="ns:person"/> <action> <listitem uri="?" label="?ns:name"/> </action> </template> </listbox> once added to the template element the namespaces can then be referenced inside temple...
Cipher suite - MDN Web Docs Glossary: Definitions of Web-related terms
a typical cipher suite looks like ecdhe_rsa_with_
aes_128_gcm_sha256 or ecdhe-rsa-
aes128-gcm-sha256, indicating: ecdhe (elliptic curve diffie-hellman ephemeral) for key exchange rsa for authentication
aes-128 as the cipher, with galois/counter mode (gcm) as the block cipher mode of operation sha-256 as the hash-based message authentication code (hmac) learn more mozilla recommended cipher suite choices for tls ...
4.3 Release Notes
ot yet implemented: tls_dh_dss_with_camellia_128_cbc_sha tls_dh_rsa_with_camellia_128_cbc_sha tls_dh_anon_with_camellia_128_cbc_sha tls_dh_dss_with_camellia_256_cbc_sha tls_dh_rsa_with_camellia_256_cbc_sha tls_dh_anon_with_camellia_256_cbc_sha tls_ecdh_anon_with_null_sha tls_ecdh_anon_with_rc4_128_sha tls_ecdh_anon_with_3des_ede_cbc_sha tls_ecdh_anon_with_
aes_128_cbc_sha tls_ecdh_anon_with_
aes_256_cbc_sha distribution information jss is checked into mozilla/security/jss/.
NSS 3.12.9 release notes
bug 536485: crash during ssl handshake in [@ intel_
aes_decrypt_cbc_256] bug 444367: nss 3.12 softoken returns the certificate type of a certificate object as ckc_x_509_attr_cert.
NSS 3.15.3 release notes
bugs fixed in nss 3.15.3 bug 850478 - list rc4_128 cipher suites after
aes_128 cipher suites bug 919677 - don't advertise tls 1.2-only ciphersuites in a tls 1.1 clienthello a complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=fixed&classification=components&query_format=advanced&target_milestone=3.15.3&product=nss compatibility nss 3.15.3 shared libraries are backward compatible with all older nss ...
NSS 3.16.2 release notes
new intel
aes assembly code for 32-bit and 64-bit windows, contributed by shay gueron and vlad krasnov of intel.
NSS 3.20 release notes
support for the following ciphersuites has been added: tls_dhe_dss_with_
aes_128_gcm_sha256 tls_dhe_dss_with_
aes_128_cbc_sha256 tls_dhe_dss_with_
aes_256_cbc_sha256 by default, the server side tls implementation will use dhe parameters with a size of 2048 bits when using dhe ciphersuites.
NSS 3.22 release notes
in ssl.h ssl_peersignedcerttimestamps - get signed_certificate_timestamp tls extension data ssl_setsignedcerttimestamps - set signed_certificate_timestamp tls extension data new types in secoidt.h the following are added to secoidtag: sec_oid_
aes_128_gcm sec_oid_
aes_192_gcm sec_oid_
aes_256_gcm sec_oid_idea_cbc sec_oid_rc2_40_cbc sec_oid_des_40_cbc sec_oid_rc4_40 sec_oid_rc4_56 sec_oid_null_cipher sec_oid_hmac_md5 sec_oid_tls_rsa sec_oid_tls_dhe_rsa sec_oid_tls_dhe_dss sec_oid_tls_dh_rsa sec_oid_tls_dh_dss sec_oid_tls_dh_anon sec_oid_tls_ecdhe_ecdsa sec_oi...
NSS 3.24 release notes
new macros in pkcs11t.h ckm_tls12_mac in secoidt.h sec_oid_tls_ecdhe_psk - this oid governs the use of the tls_ecdhe_psk_with_
aes_128_gcm_sha256 cipher suite, which is used only for session resumption in tls 1.3.
NSS 3.35 release notes
nss 3.30 had introduced a regression, preventing nss from reading some
aes encrypted data, produced by older versions of nss.
NSS 3.41 release notes
bug 1493215 - enabled the following ciphersuites by default: tls_ecdhe_ecdsa_with_
aes_256_gcm_sha384 tls_ecdhe_rsa_with_
aes_256_gcm_sha384 tls_dhe_rsa_with_
aes_256_gcm_sha384 tls_rsa_with_
aes_256_gcm_sha384 new functions none notable changes in nss 3.41 the following ca certificates were added: cn = certigna root ca sha-256 fingerprint: d48d3d23eedb50a459e55197601c27774b9d7b18c94d5a059511a10250b93168 cn = gts root r1 sha-256 fingerprint...
NSS 3.42 release notes
new in nss 3.42 new functionality bug 818686 - support xdg basedir specification new functions none notable changes in nss 3.42 the following ca certificates were added: none the following ca certificates were removed: none added support for some of the testcases from the wycheproof project: bug 1508666 - added
aes-gcm test cases bug 1508673 - added chacha20-poly1305 test cases bug 1514999 - added the curve25519 test cases thanks to jonas allmann for adapting these tests.
NSS 3.45 release notes
9 - add versioning to openbsd builds to fix link time errors using nss bug 1553443 - send session ticket only after handshake is marked as finished bug 1550708 - fix gyp scripts on solaris sparc so that libfreebl_64fpu_3.so builds bug 1554336 - optimize away unneeded loop in mpi.c bug 1559906 - fipstest: use ckm_tls12_master_key_derive instead of vendor specific mechanism bug 1558126 - tls_
aes_256_gcm_sha384 should be marked as fips compatible bug 1555207 - helloretryrequestcallback return code for rejecting 0-rtt bug 1556591 - eliminate races in uses of pk11_setwrapkey bug 1558681 - stop using a global for anti-replay of tls 1.3 early data bug 1561510 - fix a bug where removing -arch xxx args from cc didn't work bug 1561523 - add a string for the new-ish error ssl_error_missing_p...
NSS 3.49 release notes
bug 1606025 - remove -wmaybe-uninitialized warning in sslsnce.c bug 1606119 - fix ppc hw crypto build failure bug 1605545 - memory leak in pk11install_platform_generate bug 1602288 - fix build failure due to missing posix signal.h bug 1588714 - implement checkarmsupport for win64/aarch64 bug 1585189 - nss database uses 3des instead of
aes to encrypt db entries bug 1603257 - fix ubsan issue in softoken ckm_nss_chacha20_ctr initialization bug 1590001 - additional hrr tests (cve-2019-17023) bug 1600144 - treat clienthello with message_seq of 1 as a second clienthello bug 1603027 - test that esni is regenerated after helloretryrequest bug 1593167 - intermittent mis-reporting potential security risk sec_error_unknown_issuer bug 1...
NSS 3.50 release notes
in freebl bug 1575843 - detect aarch64 cpu features on freebsd bug 1607099 - remove the buildbot configuration bug 1585429 - add more hkdf test vectors bug 1573911 - add more rsa test vectors bug 1605314 - compare all 8 bytes of an mp_digit when clamping in windows assembly/mp_comba bug 1604596 - update wycheproof vectors and add support for cbc, p256-ecdh, and cmac tests bug 1608493 - use
aes-ni for non-gcm
aes ciphers on platforms with no assembly-optimized implementation, such as macos.
Overview of NSS
rsa, dsa, ecdsa, diffie-hellman, ec diffie-hellman,
aes, triple des, des, rc2, rc4, sha-1, sha-256, sha-384, sha-512, md2, md5, hmac: common cryptographic algorithms used in public-key and symmetric-key cryptography.
PKCS #11 Module Specs
aes - this token should be used for all
aes operations which are not constrained by an existing key in another token.
NSS tools : pk12util
symmetric cbc ciphers for pkcs#5 v2 o des-cbc o rc2-cbc o rc5-cbcpad o des-ede3-cbc (the default for key encryption) o
aes-128-cbc o
aes-192-cbc o
aes-256-cbc o camellia-128-cbc o camellia-192-cbc o camellia-256-cbc pkcs#12 pbe ciphers o pkcs #12 pbe with sha1 and 128 bit rc4 o pkcs #12 pbe with sha1 and 40 bit rc4 o pkcs #12 pbe with sha1 and triple des cbc o pkcs #12 pbe with sha1 and 128 bit rc2 cbc o pkcs #12 pbe with sha1 and 40 bit rc2 cbc o pkcs12 v2 pbe with sha1 and 128 bit rc4 o pkcs12 v2 pbe w...
TLS Cipher Suite Discovery
they must agree on these items: key establishment algorithm (such as rsa, dh, or ecdh) peer authentication algorithm (such as rsa, dsa, ecdsa) bulk data encryption algorithm (such as rc4, des,
aes) and key size digest algorithm for message authentication checking (sha1, sha256) there are numerous available choices for each of those categories, and the number of possible combinations of all those choices is large.
NSS Tools pk12util
symmetric cbc ciphers for pkcs #5 v2: "des_cbc" "rc2-cbc" "rc5-cbcpad" "des-ede3-cbc" --- default for key encryption "
aes-128-cbc" "
aes-192-cbc" "
aes-256-cbc" "camellia-128-cbc" "camellia-192-cbc" "camellia-256-cbc" pkcs #12 pbe ciphers: "pkcs #12 pbe with sha1 and 128 bit rc4" "pkcs #12 pbe with sha1 and 40 bit rc4" "pkcs #12 pbe with sha1 and triple des cbc" "pkcs #12 pbe with sha1 and 128 bit rc2 cbc" "pkcs #12 pbe with sha1 and 40 bit rc2 cbc" "pkcs12 v2 pbe with sha1 and 128 bit rc4" "pkcs12 v2 pbe with sh...
NSS tools : pk12util
symmetric cbc ciphers for pkcs#5 v2 des_cbc o rc2-cbc o rc5-cbcpad o des-ede3-cbc (the default for key encryption) o
aes-128-cbc o
aes-192-cbc o
aes-256-cbc o camellia-128-cbc o camellia-192-cbc o camellia-256-cbc pkcs#12 pbe ciphers pkcs #12 pbe with sha1 and 128 bit rc4 o pkcs #12 pbe with sha1 and 40 bit rc4 o pkcs #12 pbe with sha1 and triple des cbc o pkcs #12 pbe with sha1 an...
Index
this will compute the key and expand the key to two keys, an
aes256 encryption key and a 256 bit hmac key.
Theme Packaging
pre-requisites making a theme for thunderbird requires knowledge of cascading stylesheets (css), probably xbl, and some graphic design and
aesthetic skill (...or maybe not).
GainNode - Web APIs
if modified, the new gain is instantly applied, causing un
aesthetic 'clicks' in the resulting audio.
SubtleCrypto - Web APIs
ns: sign() verify() encrypt() decrypt() digest() derivebits() derivekey() wrapkey() unwrapkey() rsassa-pkcs1-v1_5 ✓ rsa-pss ✓ ecdsa ✓ hmac ✓ rsa-oaep ✓ ✓
aes-ctr ✓ ✓
aes-cbc ✓ ✓
aes-gcm ✓ ✓ sha-1 ✓ sha-256 ✓ sha-384 ✓ sha-512 ✓ ecdh ✓ hkdf ✓ pbkdf2 ✓
aes...
TextEncoder - Web APIs
these sequences are not already precomputed because they serve to
aesthetically illustrate how the polyfill works.
Web APIs
a angle_instanced_arrays abortcontroller abortsignal absoluteorientationsensor abstractrange abstractworker accelerometer addresserrors
aescbcparams
aesctrparams
aesgcmparams
aeskeygenparams ambientlightsensor analysernode animation animationeffect animationevent animationplaybackevent animationtimeline arraybufferview attr audiobuffer audiobuffersourcenode audioconfiguration audiocontext audiocontextlatencycategory audiocontextoptions audiodestinationnode audiolistener audionode audionodeoptions audioparam audioparamdescriptor...
Accessibility documentation index - Accessibility
100 use of color accessibility, wcag, color, perceivable while color contrast is often primarily an
aesthetic choice, the use of color on a website pertains to using color to communicate information.
::selection - CSS: Cascading Style Sheets
und-color: red; } p::-moz-selection { color: white; background-color: blue; } /* make selected text gold on a red background */ ::selection { color: gold; background-color: red; } /* make selected text in a paragraph white on a blue background */ p::selection { color: white; background-color: blue; } result accessibility concerns don't override selected text styles for purely
aesthetic reasons — users can customize them to suit their needs.
OpenType font features guide - CSS: Cascading Style Sheets
more about alternates https://www.w3.org/tr/css-fonts-4/#propdef-font-variant-alternates /docs/web/css/font-variant-alternates ligatures (font-variant-ligatures) ligatures are glyphs that replace two or more separate glyphs in order to represent them more smoothly (from a spacing or
aesthetic perspective).
break-inside - CSS: Cascading Style Sheets
fusce iaculis urna id neque dapibus, eu lacinia lectus dictum.</p> <figure> <img src="https://udn.realityripple.com/samples/fe/4508d88f78.png"> <figcaption>the firefox logo — fox wrapped around the world</figcaption> </figure> <p>pr
aesent condimentum dui dui, sit amet rutrum diam tincidunt eu.
hanging-punctuation - CSS: Cascading Style Sheets
pr
aesent laoreet tortor massa, sit amet vulputate nulla pharetra ut.”</p> css p { hanging-punctuation: first last; margin: .5rem; } result specifications specification status comment css text module level 3the definition of 'hanging-punctuation' in that specification.
Date and time formats used in HTML - HTML: Hypertext Markup Language
date and time at prime meridian 2005-06-07t00:00z june 7, 2005 at midnight utc june 7, 2005 at midnight 1789-08-22t12:30:00.1-04:00 august 22, 1789 at a tenth of a second past 12:30 pm eastern daylight time (edt) august 22, 1789 at a tenth of a second past 4:30 pm 3755-01-01 00:00+10:00 january 1, 3755 at midnight australian eastern standard time (
aest) december 31, 3754 at 2:00 pm ...