UDN Search

Mozilla › Projects › NSS › NSS Sample Code › Enc Dec MAC Output Plblic Key as CSR

pk11_makeidfrompubkey(cka_id); privkey = pk11_findkeybykeyid(slot, cka_id, pwdata); cleanup: return privkey; } /* * generate the certificate request with subject */ static secstatus certreq(seckeyprivatekey *privk, seckeypublickey *pubk, keytype keytype, secoidtag hashalgtag, certname *subject, prbool ascii, const char *certreqfilename) { certsubjectpublickeyinfo *spki = null; certcertificaterequest *cr = null; secitem *encoding = null; secoidtag signalgtag; secitem result; secstatus rv = secsuccess; print32 numbytes; void *exthandle; prarenapool *arena = null; prf...
... /* open the certificate request file to write */ outfile = pr_open(certreqfilename, pr_create_file | pr_rdwr | pr_truncate, 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing (%ld, %ld).\n", certreqfilename, pr_geterror(), pr_getoserror()); goto cleanup; } /* create info about public key */ spki = seckey_createsubjectpublickeyinfo(pubk); if (!spki) { pr_fprintf(pr_stderr, "unable to create subject public key\n"); rv = secfailure; goto cleanup; } /* generate certificate request */ cr = cert_createcertificaterequest(subject, spki, null); if (!cr) { pr_fprintf(pr_stderr, "unable to make certificate request\n"); rv = secfailure; ...
... return secfailure; } pr_fprintf(outfile, "\n%s\n", ns_certreq_trailer); if (obuf) { port_free(obuf); } } else { numbytes = pr_write(outfile, result.data, result.len); if (numbytes != (int)result.len) { pr_fprintf(pr_stderr, "write error\n"); rv = secfailure; goto cleanup; } } cleanup: if (spki) { seckey_destroysubjectpublickeyinfo(spki); } if (cr) { cert_destroycertificaterequest (cr); } if (arena) { port_freearena(arena, pr_false); } if (outfile) { pr_close(outfile); } return rv; } /* * mac and encrypt the input file content */ secstatus encryptandmac(prfiledesc *infile, prfiledesc *headerfile, pr...

NSS Sample Code sample5

Mozilla › Projects › NSS › NSS Sample Code › NSS Sample Code sample5

0+k2hwnoqihaoc4nvbo8fqhzs4yxm1m86kml47fa9ui//oufbhladw1aiea2dbmixnsbokb+ohver69p0gnewlvcjc9bjdvfdlvslcciqcptv3vgyjv2vdwxqzqahc+yb4gigaqoqbcbmjd3lyflqiga+vtydunoqwtzwve4grf7izk2v5ccnhg3gr5rgwxn58cigccaforruksm66isg0iti04g9v/w+wmx91wjeeb+qbz" int main(int argc, char **argv) { secstatus rv; certcertificate *cert = null; seckeypublickey *pubkey = null; certsubjectpublickeyinfo *spki = null; seckeyprivatekey *pvtkey = null; int modulus_len, i, outlen; char *buf1 = null; char *buf2 = null; char *pubkstr = base64_encoded_subjectpublickeyinfo; char *pvtkstr = base64_encoded_privatekeyinfo; secitem der; secitem nickname; pk11slotinfo *slot = null; /* initialize nss ...
... pr_geterror()); goto cleanup; } /* get internal slot */ slot = pk11_getinternalkeyslot(); if (slot == null) { fprintf(stderr, "couldn't find slot (err %d)\n", pr_geterror()); goto cleanup; } rv = atob_convertasciitoitem(&der, pubkstr); if (rv!= secsuccess) { fprintf(stderr, "atob_convertasciitoitem failed %d\n", pr_geterror()); goto cleanup; } spki = seckey_decodedersubjectpublickeyinfo(&der); secitem_freeitem(&der, pr_false); pubkey = seckey_extractpublickey(spki); if (pubkey == null) { fprintf(stderr, "couldn't extract public key (err %d)\n", pr_geterror()); goto cleanup; } modulus_len = seckey_publickeystrength(pubkey); fprintf(stderr, "public key modulus %d bytes\n", modulus_len); buf1 = (char *)malloc(modulus_...
...stderr, "decrypt with private key failed (err %d)\n", pr_geterror()); goto cleanup; } fprintf(stderr, "result of decryption, outlen = %d\n", outlen); fprintf(stderr, "result of decryption, buf = \n%s\n", buf1); cleanup: if (cert) cert_destroycertificate(cert); if (pubkey) seckey_destroypublickey(pubkey); if (pvtkey) seckey_destroyprivatekey(pvtkey); if (spki) seckey_destroysubjectpublickeyinfo(spki); if (slot) pk11_freeslot(slot); if (buf1) free(buf1); if (buf2) free(buf2); exit(1); } ...

SubtleCrypto.exportKey() - Web APIs

Web › API › SubtleCrypto › exportKey

spki: subjectpublickeyinfo format.
...*/ async function exportcryptokey(key) { const exported = await window.crypto.subtle.exportkey( "spki", key ); const exportedasstring = ab2str(exported); const exportedasbase64 = window.btoa(exportedasstring); const pemexported = `-----begin public key-----\n${exportedasbase64}\n-----end public key-----`; const exportkeyoutput = document.queryselector(".exported-key"); exportkeyoutput.textcontent = pemexported; } /* generate an encrypt/decrypt key pair, then set up an event list...
...*/ window.crypto.subtle.generatekey( { name: "rsa-oaep", // consider using a 4096-bit key for systems that require long-term security moduluslength: 2048, publicexponent: new uint8array([1, 0, 1]), hash: "sha-256", }, true, ["encrypt", "decrypt"] ).then((keypair) => { const exportbutton = document.queryselector(".spki"); exportbutton.addeventlistener("click", () => { exportcryptokey(keypair.publickey); }); }); json web key import this code exports an ecdsa private signing key as a json web key object.

SubtleCrypto.wrapKey() - Web APIs

Web › API › SubtleCrypto › wrapKey

spki: subjectpublickeyinfo format.
...it uses "spki" as the export format and aes-cbc, with a password-derived key, to encrypt it.
...*/ async function wrapcryptokey(keytowrap) { // get the key encryption key const keymaterial = await getkeymaterial(); salt = window.crypto.getrandomvalues(new uint8array(16)); const wrappingkey = await getkey(keymaterial, salt); iv = window.crypto.getrandomvalues(new uint8array(16)); return window.crypto.subtle.wrapkey( "spki", keytowrap, wrappingkey, { name: "aes-cbc", iv: iv } ); } /* generate an encrypt/decrypt key pair, then wrap it.

Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR

Mozilla › Projects › NSS › NSS Sample Code › Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR

t char *certreqfilename) { secoidtag signalgtag; secitem result; print32 numbytes; secstatus rv = secsuccess; prarenapool *arena = null; void *exthandle = null; prfiledesc *outfile = null; certsubjectpublickeyinfo *spki = null; certcertificaterequest *cr = null; secitem *encoding = null; /* if the certificate request file already exists, delete it */ if (pr_access(certreqfilename, pr_access_exists) == pr_success) { pr_delete(certreqfilename); } /* open the certificate request file to write */ outfile = pr_open(certreqfilenam...
...e, pr_create_file | pr_rdwr | pr_truncate, 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing (%ld, %ld).\n", certreqfilename, pr_geterror(), pr_getoserror()); goto cleanup; } /* create info about public key */ spki = seckey_createsubjectpublickeyinfo(pubk); if (!spki) { pr_fprintf(pr_stderr, "unable to create subject public key\n"); rv = secfailure; goto cleanup; } /* generate certificate request */ cr = cert_createcertificaterequest(subject, spki, null); if (!cr) { pr_fprintf(pr_stderr, "unable to make certificate request\n"); rv = secfailure; goto cleanup; } arena = port_newarena(der_default_...

sample2

Mozilla › Projects › NSS › NSS Sample Code › sample2

certificate request with subject */ static secstatus certreq(seckeyprivatekey *privk, seckeypublickey *pubk, keytype keytype, secoidtag hashalgtag, certname *subject, prbool ascii, const char *certreqfilename) { secoidtag signalgtag; secitem result; print32 numbytes; secstatus rv = secsuccess; prarenapool *arena = null; void *exthandle = null; prfiledesc *outfile = null; certsubjectpublickeyinfo *spki = null; certcertificaterequest *cr = null; secitem *encoding = null; /* if the certificate request file already exists, delete it */ if (pr_access(certreqfilename, pr_access_exists) == pr_success) { pr_delete(certreqfilename); } /* open the certificate request file to write */ outfile = pr_open(certreqfilename, pr_create_file | pr_rdwr | pr_truncate, 00660); if (!outfile) { pr_fprintf(pr_stderr, ...
..."unable to open \"%s\" for writing (%ld, %ld).\n", certreqfilename, pr_geterror(), pr_getoserror()); goto cleanup; } /* create info about public key */ spki = seckey_createsubjectpublickeyinfo(pubk); if (!spki) { pr_fprintf(pr_stderr, "unable to create subject public key\n"); rv = secfailure; goto cleanup; } /* generate certificate request */ cr = cert_createcertificaterequest(subject, spki, null); if (!cr) { pr_fprintf(pr_stderr, "unable to make certificate request\n"); rv = secfailure; goto cleanup; } arena = port_newarena(der_default_chunksize); if (!arena) { fprintf(stderr, "out of memory"); rv = secfailure; goto cleanup; } exthandle = cert_startcertificaterequestattributes(cr); if (exthandle == null) { port_freearena (arena, pr_false); rv = secfailure; goto cleanup; } cert_finishextension...

SubtleCrypto.importKey() - Web APIs

Web › API › SubtleCrypto › importKey

spki: subjectpublickeyinfo format.
... const pemfooter = "-----end public key-----"; const pemcontents = pem.substring(pemheader.length, pem.length - pemfooter.length); // base64 decode the string to get the binary data const binaryderstring = window.atob(pemcontents); // convert from a binary string to an arraybuffer const binaryder = str2ab(binaryderstring); return window.crypto.subtle.importkey( "spki", binaryder, { name: "rsa-oaep", hash: "sha-256" }, true, ["encrypt"] ); } json web key import this code imports an ecdsa private signing key, given a json web key object that represents it.

NSS_3.12_release_notes.html

Mozilla › Projects › NSS › NSS 3.12 release notes.html

g 341122: coverity 633 sftk_destroyslotdata uses slot->slotlock then checks it for null bug 351140: coverity 995, potential crash in ecgroup_fromnameandhex bug 362278: lib/util includes header files from other nss directories bug 228190: remove unnecessary nss_enable_ecc defines from manifest.mn bug 412906: remove sha.c and sha.h from lib/freebl bug 353543: valgrind uninitialized memory read in nsspkiobjectcollection_addinstances bug 377548: nss qa test program certutil's default dsa prime is only 512 bits bug 333405: item cleanup is unused deadcode in secitem_allocitem loser bug 288730: compiler warnings in certutil bug 337251: warning: /* within comment bug 362967: export secmod_deletemoduleex bug 389248: nss build failure when nss_enable_ecc is not defined bug 390451: remembered passwords l...

NSS 3.46 release notes

Mozilla › Projects › NSS › NSS 3.46 release notes

andom during renegotiation bug 1563258 - fips.sh fails due to non-existent "resp" directories bug 1561598 - remove -wmaybe-uninitialized warning in pqg.c bug 1560806 - increase softoken password max size to 500 characters bug 1568776 - output paths relative to repository in nss coverity bug 1453408 - modutil -changepw fails in fips mode if password is an empty string bug 1564727 - use a pss spki when possible for delegated credentials bug 1493916 - fix ppc64 inline assembler for clang bug 1561588 - remove -wmaybe-uninitialized warning in p7env.c bug 1561548 - remove -wmaybe-uninitialized warning in pkix_pl_ldapdefaultclient.c bug 1512605 - incorrect alert description after unencrypted finished msg bug 1564715 - read /proc/cpuinfo when at_hwcap2 returns 0 bug 1532194 - remove or fix...

NSS API Guidelines

Mozilla › Projects › NSS › NSS API Guidelines

(frees are allowed.) the arena_destructor_list preprocessor definition, and the code it encloses, are an effort to make the following work together: arenas, letting you allocate stuff and then removing them all at once lazy creation of pure-memory objects from asn.1 blobs, for example use of nsspkixcertificate doesn't drag all the code in for all constituent objects, unless they're actually being used our agressive pointer-tracking facility all these are useful, but they don't combine well.

SubtleCrypto.unwrapKey() - Web APIs

Web › API › SubtleCrypto › unwrapKey

spki: subjectpublickeyinfo format.

<keygen> - HTML: Hypertext Markup Language

Web › HTML › Element › keygen

publickeyandchallenge ::= sequence { spki subjectpublickeyinfo, challenge ia5string } signedpublickeyandchallenge ::= sequence { publickeyandchallenge publickeyandchallenge, signaturealgorithm algorithmidentifier, signature bit string } the public key and challenge string are der encoded as publickeyandchallenge, and then digitally signed with the private key to produce a signedpublickeyandchallenge.

Public-Key-Pins-Report-Only - HTTP

Web › HTTP › Headers › Public-Key-Pins-Report-Only

header type response header forbidden header name no syntax public-key-pins-report-only: pin-sha256="<pin-value>"; max-age=<expire-time>; includesubdomains; report-uri="<uri>" directives pin-sha256="<pin-value>" the quoted string is the base64 encoded subject public key information (spki) fingerprint.

Public-Key-Pins - HTTP

Web › HTTP › Headers › Public-Key-Pins

header type response header forbidden header name no syntax public-key-pins: pin-sha256="<pin-value>"; max-age=<expire-time>; includesubdomains; report-uri="<uri>" directives pin-sha256="<pin-value>" the quoted string is the base64 encoded subject public key information (spki) fingerprint.

HTTP Public Key Pinning (HPKP) - HTTP

Web › HTTP › Public Key Pinning

enabling hpkp to enable this feature for your site, you need to return the public-key-pins http header when your site is accessed over https: public-key-pins: pin-sha256="base64=="; max-age=expiretime [; includesubdomains][; report-uri="reporturi"] pin-sha256 the quoted string is the base64 encoded subject public key information (spki) fingerprint.