Search completed in 1.17 seconds.
HTMLMediaElement.onencrypted - Web APIs
the on
encrypted property of the htmlmediaelement is an event handler, fired whenever an
encrypted event occurs, denoting the media is
encrypted.
...nt" target="_top"><rect x="331" y="65" width="160" height="50" fill="#f4f7f8" stroke="#d4dde4" stroke-width="2px" /><text x="411" y="94" font-size="12px" font-family="consolas,monaco,andale mono,monospace" fill="#4d4e53" text-anchor="middle" alignment-baseline="middle">htmlmediaelement</text></a></svg></div> a:hover text { fill: #0095dd; pointer-events: all;} syntax htmlmediaelement.on
encrypted = function(
encrypted) { ...
... } specifications specification status comment
encrypted media extensionsthe definition of 'on
encrypted' in that specification.
... desktopmobilechromeedgefirefoxinternet exploreroperasafariandroid webviewchrome for androidfirefox for androidopera for androidsafari on iossamsung interneton
encryptedchrome full support yesedge full support 13firefox full support yesie ?
Feature-Policy: encrypted-media - HTTP
the http feature-policy header
encrypted-media directive controls whether the current document is allowed to use the
encrypted media extensions api (eme).
... syntax feature-policy:
encrypted-media <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
...
encrypted media extensionsthe definition of 'feature policy integration' in that specification.
Encrypted Media Extensions API - Web APIs
the
encrypted media extensions api provides interfaces for controlling the playback of content which is subject to a digital restrictions management scheme.
... specifications specification status comment
encrypted media extensions recommendation initial definition ...
Index - Web APIs
1232
encrypted media extensions api api, eme,
encrypted media extensions,
encrypted media extensions api,
encryptedmediaextensions, needscontent, overview, reference the
encrypted media extensions api provides interfaces for controlling the playback of content which is subject to a digital restrictions management scheme.
... 1792 htmlmediaelement.on
encrypted the on
encrypted property of the htmlmediaelement is an event handler, fired whenever an
encrypted event occurs, denoting the media is
encrypted.
... 1802 htmlmediaelement.setmediakeys() api, audio,
encryptedmediaextensions, experimental, htmlmediaelement, media, method, reference, video the setmediakeys() property of the htmlmediaelement interface returns a promise that resolves to the passed mediakeys, which are those used to decrypt media during playback.
...And 38 more matches
Introduction to SSL - Archive of obsolete content
ssl has been universally accepted on the world wide web for authenticated and
encrypted communication between clients and servers.
...it uses tcp/ip on behalf of the higher-level protocols, and in the process allows an ssl-enabled server to authenticate itself to an ssl-enabled client, allows the client to authenticate itself to the server, and allows both machines to establish an
encrypted connection.
... an
encrypted ssl connection requires all information sent between a client and a server to be
encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality.
...And 14 more matches
Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR
lename> [-v <\"\">]\n"); exit(-1); } } /* * validate the options used for encrypt command */ static void validateencryptcommand(const char *progname, const char *dbdir, const char *nicknamestr, const char *headerfilename, const char *infilename, const char *
encryptedfilename) { prbool validationfailed = pr_false; if (!nicknamestr) { pr_fprintf(pr_stderr, "%s -e -d %s -n : nick name is missing\n", progname, dbdir); validationfailed = pr_true; } if (!headerfilename) { pr_fprintf(pr_stderr, "%s -e -d %s -n %s -b : header file name is not found\n", progname, dbdir, nicknamestr...
...); validationfailed = pr_true; } if (!infilename) { pr_fprintf(pr_stderr, "%s -e -d %s -n %s -b %s -i : input file name is not found\n", progname, dbdir, nicknamestr, headerfilename); validationfailed = pr_true; } if (!
encryptedfilename) { pr_fprintf(pr_stderr, "%s -e -d %s -n %s -b %s -i %s -e : encrypt file name is not found\n", progname, dbdir, nicknamestr, headerfilename, infilename); validationfailed = pr_true; } if (validationfailed) { fprintf(stderr, "\nusage: %s %s \n\n", progname, "-e -d <dbdirpath> -b <headerfilename> -i <ipfilename> -e <encryptfilename> -n <nickname> \n"); exit(-1); } } /* * validate the options used for sign comm...
...f(stderr, "\nusage: %s %s \n\n", progname, "-i -d <dbdirpath> -b <headerfilename> -i <ipfilename> \n"); exit(-1); } } /* * validate the options used for decrypt command */ static void validatedecryptcommand(const char *progname, const char *dbdir, const char *headerfilename, const char *
encryptedfilename, const char *outfilename) { prbool validationfailed = pr_false; if (!headerfilename) { pr_fprintf(pr_stderr, "%s -d -d %s -b : header file name is not found\n", progname, dbdir); validationfailed = pr_true; } if (!
encryptedfilename) { pr_fprintf(pr_stderr, "%s -d -d %s -b %s -e : encrypt file name ...
...And 13 more matches
Encrypt Decrypt_MAC_Using Token
*/ secstatus decryptandverifymac(const char* outfilename, char *
encryptedfilename, secitem *citem, secitem *macitem, pk11symkey* ek, pk11symkey* mk, secitem *ivitem, secitem *paditem) { secstatus rv; prfiledesc* infile; prfiledesc* outfile; unsigned char decbuf[64]; unsigned int decbuflen; unsigned char ptext[blocksize]; unsigned int ptextlen = 0; unsigned char ctext[64]; unsigned int ctextlen; unsig...
... */ infile = pr_open(
encryptedfilename, pr_rdonly , 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n",
encryptedfilename); return secfailure; } /* open the output file.
...name, pr_create_file | pr_truncate | pr_rdwr , 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n", outfilename); return secfailure; } rv = macinit(ctxmac); if (rv != secsuccess) goto cleanup; ctxenc = decryptinit(ek, iv, ivlen, ckm_aes_cbc); filelength = filesize(
encryptedfilename); while ((ctextlen = pr_read(infile, ctext, sizeof(ctext))) > 0) { count += ctextlen; /* decrypt cipher text buffer using cbc and iv.
...And 12 more matches
sample2
tionfailed = pr_true; } if (validationfailed) { fprintf(stderr, "\nusage: %s %s \n\n", progname, "-s -d <dbdirpath> -n <nickname> -b <headerfilename> [-v <\"\">]\n"); exit(-1); } } /* * validate the options used for encrypt command */ static void validateencryptcommand(const char *progname, const char *dbdir, const char *nicknamestr, const char *headerfilename, const char *infilename, const char *
encryptedfilename) { prbool validationfailed = pr_false; if (!nicknamestr) { pr_fprintf(pr_stderr, "%s -e -d %s -n : nick name is missing\n", progname, dbdir); validationfailed = pr_true; } if (!headerfilename) { pr_fprintf(pr_stderr, "%s -e -d %s -n %s -b : header file name is not found\n", progname, dbdir, nicknamestr); validationfailed = pr_true; } if (!infilename) { pr_fprintf(pr_stderr, "%s -e -d %s -...
...n %s -b %s -i : input file name is not found\n", progname, dbdir, nicknamestr, headerfilename); validationfailed = pr_true; } if (!
encryptedfilename) { pr_fprintf(pr_stderr, "%s -e -d %s -n %s -b %s -i %s -e : encrypt file name is not found\n", progname, dbdir, nicknamestr, headerfilename, infilename); validationfailed = pr_true; } if (validationfailed) { fprintf(stderr, "\nusage: %s %s \n\n", progname, "-e -d <dbdirpath> -b <headerfilename> -i <ipfilename> -e <encryptfilename> -n <nickname> \n"); exit(-1); } } /* * validate the options used for sign command */ static void validatesigncommand(const char *progname, const char *dbdir, const char *nicknamestr, const char *headerfilename, const char *infilename) { prbool validationfailed = pr_false; if (!nicknamestr) { pr_fprintf(pr_stderr, "%s -i -d %...
... is not found\n", progname, dbdir, headerfilename); validationfailed = pr_true; } if (validationfailed) { fprintf(stderr, "\nusage: %s %s \n\n", progname, "-i -d <dbdirpath> -b <headerfilename> -i <ipfilename> \n"); exit(-1); } } /* * validate the options used for decrypt command */ static void validatedecryptcommand(const char *progname, const char *dbdir, const char *headerfilename, const char *
encryptedfilename, const char *outfilename) { prbool validationfailed = pr_false; if (!headerfilename) { pr_fprintf(pr_stderr, "%s -d -d %s -b : header file name is not found\n", progname, dbdir); validationfailed = pr_true; } if (!
encryptedfilename) { pr_fprintf(pr_stderr, "%s -d -d %s -b %s -e : encrypt file name is not found\n", progname, dbdir, headerfilename); validationfailed = pr_true; } if (!outfil...
...And 12 more matches
Encrypt Decrypt MAC Keys As Session Objects
return null; } } key = pk11_findfixedkey(slot, mechanism, keybuf, 0); if (!key) { pr_fprintf(pr_stderr, "pk11_findfixedkey failed (err %d)\n", pr_geterror()); pk11_freeslot(slot); return null; } return key; } /* * decrypt and verify mac */ secstatus decryptandverifymac(const char* outfilename, char *
encryptedfilename, secitem *citem, secitem *macitem, pk11symkey* ek, pk11symkey* mk, secitem *ivitem, secitem *paditem) { secstatus rv; prfiledesc* infile; prfiledesc* outfile; unsigned char decbuf[64]; unsigned int decbuflen; unsigned char ptext[blocksize]; unsigned int ptextlen = 0; unsigned char ctext[64]; unsigned int ctextlen; unsig...
... */ infile = pr_open(
encryptedfilename, pr_rdonly , 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n",
encryptedfilename); return secfailure; } /* open the output file.
...name, pr_create_file | pr_truncate | pr_rdwr , 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n", outfilename); return secfailure; } rv = macinit(ctxmac); if (rv != secsuccess) goto cleanup; ctxenc = decryptinit(ek, iv, ivlen, ckm_aes_cbc); filelength = filesize(
encryptedfilename); while ((ctextlen = pr_read(infile, ctext, sizeof(ctext))) > 0) { count += ctextlen; /* decrypt cipher text buffer using cbc and iv */ rv = decrypt(ctxenc, decbuf, &decbuflen, sizeof(decbuf), ctext, ctextlen); if (rv != secsuccess) { pr_fprintf(pr_stderr, "decrypt failure\n"); goto cleanup; } ...
...And 11 more matches
Encrypt and decrypt MAC using token
return null; } } key = pk11_findfixedkey(slot, mechanism, keybuf, 0); if (!key) { pr_fprintf(pr_stderr, "pk11_findfixedkey failed (err %d)\n", pr_geterror()); pk11_freeslot(slot); return null; } return key; } /* * decrypt and verify mac */ secstatus decryptandverifymac(const char* outfilename, char *
encryptedfilename, secitem *citem, secitem *macitem, pk11symkey* ek, pk11symkey* mk, secitem *ivitem, secitem *paditem) { secstatus rv; prfiledesc* infile; prfiledesc* outfile; unsigned char decbuf[64]; unsigned int decbuflen; unsigned char ptext[blocksize]; unsigned int ptextlen = 0; unsigned char ctext[64]; unsigned int ctextlen; unsig...
... */ infile = pr_open(
encryptedfilename, pr_rdonly , 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n",
encryptedfilename); return secfailure; } /* open the output file.
...name, pr_create_file | pr_truncate | pr_rdwr , 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n", outfilename); return secfailure; } rv = macinit(ctxmac); if (rv != secsuccess) goto cleanup; ctxenc = decryptinit(ek, iv, ivlen, ckm_aes_cbc); filelength = filesize(
encryptedfilename); while ((ctextlen = pr_read(infile, ctext, sizeof(ctext))) > 0) { count += ctextlen; /* decrypt cipher text buffer using cbc and iv */ rv = decrypt(ctxenc, decbuf, &decbuflen, sizeof(decbuf), ctext, ctextlen); if (rv != secsuccess) { pr_fprintf(pr_stderr, "decrypt failure\n"); goto cleanup; } ...
...And 11 more matches
NSS Sample Code Sample_3_Basic Encryption and MACing
rn null; } } key = pk11_findfixedkey(slot, mechanism, keybuf, 0); if (!key) { pr_fprintf(pr_stderr, "pk11_findfixedkey failed (err %d)\n", pr_geterror()); pk11_freeslot(slot); return null; } return key; } /* * decrypt and verify mac */ secstatus decryptandverifymac( const char* outfilename, char *
encryptedfilename, secitem *citem, secitem *macitem, pk11symkey* ek, pk11symkey* mk, secitem *ivitem, secitem *paditem) { secstatus rv; prfiledesc* infile; prfiledesc* outfile; unsigned char decbuf[64]; unsigned int decbuflen; unsigned char ptext[blocksize]; unsigned int ptextlen = 0; unsigned char ctext[64]; unsigned int ctextlen; unsig...
... */ infile = pr_open(
encryptedfilename, pr_rdonly , 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n",
encryptedfilename); return secfailure; } /* open the output file.
...name, pr_create_file | pr_truncate | pr_rdwr , 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n", outfilename); return secfailure; } rv = macinit(ctxmac); if (rv != secsuccess) goto cleanup; ctxenc = decryptinit(ek, iv, ivlen, ckm_aes_cbc); filelength = filesize(
encryptedfilename); while ((ctextlen = pr_read(infile, ctext, sizeof(ctext))) > 0) { count += ctextlen; /* decrypt cipher text buffer using cbc and iv */ rv = decrypt(ctxenc, decbuf, &decbuflen, sizeof(decbuf), ctext, ctextlen); if (rv != secsuccess) { pr_fprintf(pr_stderr, "decrypt failure\n"); goto cleanup; } ...
...And 11 more matches
EncDecMAC using token object - sample 3
uld not authenticate to token %s.\n", pk11_gettokenname(slot)); if (slot) { pk11_freeslot(slot); } return null; } } key = pk11_findfixedkey(slot, mechanism, keybuf, 0); if (!key) { pr_fprintf(pr_stderr, "pk11_findfixedkey failed (err %d)\n", pr_geterror()); pk11_freeslot(slot); return null; } return key; } /* * decrypt and verify mac */ secstatus decryptandverifymac(const char* outfilename, char *
encryptedfilename, secitem *citem, secitem *macitem, pk11symkey* ek, pk11symkey* mk, secitem *ivitem, secitem *paditem) { secstatus rv; prfiledesc* infile; prfiledesc* outfile; unsigned char decbuf[64]; unsigned int decbuflen; unsigned char ptext[blocksize]; unsigned int ptextlen = 0; unsigned char ctext[64]; unsigned int ctextlen; unsigned char newmac[digestsize]; unsigned int newmaclen = 0; unsigned int ...
...*/ infile = pr_open(
encryptedfilename, pr_rdonly , 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n",
encryptedfilename); return secfailure; } /* open the output file.
... */ outfile = pr_open(outfilename, pr_create_file | pr_truncate | pr_rdwr , 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n", outfilename); return secfailure; } rv = macinit(ctxmac); if (rv != secsuccess) goto cleanup; ctxenc = decryptinit(ek, iv, ivlen, ckm_aes_cbc); filelength = filesize(
encryptedfilename); while ((ctextlen = pr_read(infile, ctext, sizeof(ctext))) > 0) { count += ctextlen; /* decrypt cipher text buffer using cbc and iv */ rv = decrypt(ctxenc, decbuf, &decbuflen, sizeof(decbuf), ctext, ctextlen); if (rv != secsuccess) { pr_fprintf(pr_stderr, "decrypt failure\n"); goto cleanup; } if (decbuflen == 0) break; rv = macupdate(ctxmac, decbuf, decbuflen); if (rv != secsuccess) { goto cleanup; } if (count == filelength) { decbuflen = decbuflen-paddinglen...
...And 11 more matches
Introduction to Public-Key Cryptography - Archive of obsolete content
public-key cryptography and related standards and techniques underlie the security features of many products such as signed and
encrypted email, single sign-on, and secure sockets layer (ssl) communications.
...while in transit, the
encrypted information is unintelligible to an intruder.
... the client sends the name and password across the network, either in the clear or over an
encrypted ssl connection.
...And 10 more matches
Index
this is often sufficient if you encrypt data for yourself, but as soon as you need to exchange signed/
encrypted data with communication partners, using public key encryption simplifies the key management.
...there are tools for managing nss databases, for dumping or verifying certificates, for registering pkcs#11 modules with a database, for processing cms
encrypted/signed messages, etc.
... -d dbdir specify the key/certificate database directory (default is ".") -e envfile specify a file containing an enveloped message for a set of recipients to which you would like to send an
encrypted message.
...And 9 more matches
Enc Dec MAC Output Public Key as CSR
eaderfile(headerfilename, pad, paditem, pr_true); if (rv != secsuccess) { pr_fprintf(pr_stderr, "could not retrieve pad detail from header file\n"); goto cleanup; } cleanup: return rv; } /* * decryptfile */ secstatus decryptfile(pk11slotinfo *slot, const char *outfilename, const char *headerfilename, char *
encryptedfilename, secupwdata *pwdata, prbool ascii) { /* * the db is open read only and we have authenticated to it * open input file, read in header, get iv and wrapped keys and * public key * unwrap the wrapped keys * loop until eof(input): * read a buffer of ciphertext from input file, * save last block of ciphertext ...
... */ infile = pr_open(
encryptedfilename, pr_rdonly , 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n",
encryptedfilename); return secfailure; } /* open the output file.
... */ outfile = pr_open(outfilename, pr_create_file | pr_truncate | pr_rdwr , 00660); if (!outfile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for writing.\n", outfilename); return secfailure; } infilelength = filesize(
encryptedfilename); if (rv == secsuccess) { /* decrypt and remove mac */ rv = decryptandverifymac(outfile, infile, infilelength, &cipheritem, &macitem, enckey, mackey, &ivitem, &paditem); if (rv != secsuccess) { pr_fprintf(pr_stderr, "failed while decrypting and removing mac\n"); } } cleanup: if (enckey) { pk11_freesymkey(enckey); } if (mackey) { pk11_freesymkey(mackey); } if (privkey) ...
...And 9 more matches
NSS functions
xr 3.2 and later ssl_invalidatesession mxr 3.2 and later ssl_localcertificate mxr 3.4 and later ssl_optionget mxr 3.2 and later ssl_optiongetdefault mxr 3.2 and later ssl_optionset mxr 3.2 and later ssl_optionsetdefault mxr 3.2 and later ssl_peercertificate mxr 3.2 and later ssl_pre
encryptedfiletostream mxr 3.2 and later ssl_pre
encryptedstreamtofile mxr 3.2 and later ssl_rehandshake mxr 3.2 and later ssl_rehandshakewithtimeout mxr 3.11.4 and later ssl_resethandshake mxr 3.2 and later ssl_restarthandshakeaftercertreq mxr 3.2 and later ssl_restarthandshakeafterservercert mxr 3.2 and later ...
... pk11_destroytokenobject mxr 3.2 and later pk11_digestbegin mxr 3.2 and later pk11_digestkey mxr 3.2 and later pk11_digestop mxr 3.2 and later pk11_digestfinal mxr 3.2 and later pk11_doesmechanism mxr 3.2 and later pk11_export
encryptedprivatekeyinfo mxr 3.2 and later pk11_export
encryptedprivkeyinfo mxr 3.9 and later pk11_exportprivatekeyinfo mxr 3.2 and later pk11_finalize mxr 3.2 and later pk11_findbestkeamatch mxr 3.2 and later pk11_findcertandkeybyrecipientlist mxr 3.2 and la...
...mxr 3.4 and later pk11_importcert mxr 3.5 and later pk11_importcertforkeytoslot mxr 3.2 and later pk11_importcrl mxr 3.6 and later pk11_importdercert mxr 3.6 and later pk11_importderprivatekeyinfoandreturnkey mxr 3.4 and later pk11_import
encryptedprivatekeyinfo mxr 3.2 and later pk11_importprivatekeyinfo mxr 3.2 and later pk11_importprivatekeyinfoandreturnkey mxr 3.4 and later pk11_importpublickey mxr 3.4 and later pk11_importsymkeywithflags mxr 3.4 and later pk11_initpin mxr 3.2 and later ...
...And 7 more matches
Encryption and Decryption - Archive of obsolete content
decryption is the process of transforming
encrypted information so that it is intelligible again.
... with most modern cryptography, the ability to keep
encrypted information secret is based not on the cryptographic algorithm, which is widely known, but on a number called a key that must be used with the algorithm to produce an
encrypted result or to decrypt previously
encrypted information.
...symmetric-key encryption also provides a degree of authentication, since information
encrypted with one symmetric key cannot be decrypted with any other symmetric key.
...And 5 more matches
NSS Tools ssltap
the tool cannot and does not decrypt any
encrypted message data.
... type = 20 (change_cipher_spec) version = { 3,0 } length = 1 (0x1) 0: 01 |.}sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted >}]<-- [sslrecord { 0: 14 03 00 00 01 |.....
... type = 20 (change_cipher_spec) version = { 3,0 } length = 1 (0x1) 0: 01 |.}]<-- [sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted >}]--> [sslrecord { 0: 17 03 00 01 1f |.....
...And 5 more matches
Transport Layer Security - Web security
http
encrypted using tls is commonly referred to as https.
... tls-
encrypted web traffic is by convention exchanged on port 443 by default, while un
encrypted http uses port 80 by default.
... encryption data is
encrypted while being transmitted between the user agent and the server, in order to prevent it from being read and interpreted by unauthorized parties.
...And 5 more matches
NSS tools : ssltab
} sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted > } ] <-- [ sslrecord { 0: 14 03 00 00 01 |.....
...} ] <-- [ sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted > } ] --> [ sslrecord { 0: 17 03 00 01 1f |.....
... type = 23 (application_data) version = { 3,0 } length = 287 (0x11f) <
encrypted > } ] <-- [ sslrecord { 0: 17 03 00 00 a0 |....
...And 4 more matches
NSS tools : ssltap
} sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted > } ] <-- [ sslrecord { 0: 14 03 00 00 01 |.....
...} ] <-- [ sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted > } ] --> [ sslrecord { 0: 17 03 00 01 1f |.....
... type = 23 (application_data) version = { 3,0 } length = 287 (0x11f) <
encrypted > } ] <-- [ sslrecord { 0: 17 03 00 00 a0 |....
...And 4 more matches
NSS tools : ssltap
} sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted > } ] <-- [ sslrecord { 0: 14 03 00 00 01 |.....
... } ] <-- [ sslrecord { 0: 16 03 00 00 38 |....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <
encrypted > } ] --> [ sslrecord { 0: 17 03 00 01 1f |.....
... type = 23 (application_data) version = { 3,0 } length = 287 (0x11f) <
encrypted > } ] <-- [ sslrecord { 0: 17 03 00 00 a0 |....
...And 4 more matches
Index - Archive of obsolete content
decryption is the process of transforming
encrypted information so that it is intelligible again.
... 3743 introduction to public-key cryptography security, tutorial public-key cryptography and related standards and techniques underlie the security features of many products such as signed and
encrypted email, single sign-on, and secure sockets layer (ssl) communications.
...ssl has been universally accepted on the world wide web for authenticated and
encrypted communication between clients and servers.
... 3746 ssl and tls security, tutorial the secure sockets layer (ssl) and transport layer security (tls) protocols are universally accepted standards for authenticated and
encrypted communication between clients and servers.
FC_EncryptUpdate
syntax ck_rv fc_encryptupdate( ck_session_handle hsession, ck_byte_ptr ppart, ck_ulong uspartlen, ck_byte_ptr p
encryptedpart, ck_ulong_ptr pus
encryptedpartlen ); parameters hsession [in] session handle.
... ppart [in] pointer to the next block of data to be
encrypted.
...p
encryptedpart [out] pointer to location where
encrypted block is to be stored.
... pus
encryptedpartalen [out] pointer the location where the number of bytes of
encrypted data is to be stored.
sslerr.html
failure -12219 "unspecified failure while processing ssl client key exchange handshake." ssl_error_encryption_failure -12218 "bulk data encryption algorithm failed in selected cipher suite." ssl_error_decryption_failure -12217 "bulk data decryption algorithm failed in selected cipher suite." ssl_error_socket_write_failure -12216 "attempt to write
encrypted data to underlying socket failed." after the data to be sent was
encrypted, the attempt to send it out the socket failed.
... sec_error_no_email_cert -8149 not
encrypted or signed: you do not yet have an email certificate.
... sec_error_no_recipient_certs_query -8148 not
encrypted: you do not have certificates for each of the recipients.
... sec_error_decryption_disallowed -8143 cannot decrypt:
encrypted using a disallowed algorithm or key size.
PKCS11 Implement
they cannot be used for
encrypted s/mime, because they can't decrypt messages.
... signing and decryption tokens can be used for s/mime and for
encrypted transactions over unsecured networks such as the internet.
... encrypting email if you wish to support
encrypted email, your token must be able to look up a certificate by the issuer and serial number attributes.
FC_Decrypt
syntax ck_rv fc_decrypt( ck_session_handle hsession, ck_byte_ptr p
encrypteddata, ck_ulong us
encrypteddatalen, ck_byte_ptr pdata, ck_ulong_ptr pusdatalen ); parameters hsession [in] session handle.
... p
encrypteddata [in] pointer to
encrypted data block.
... us
encrypteddatalen [in] length of the data in bytes.
FC_DecryptDigestUpdate
name fc_decryptdigestupdate - continue a multi-part decrypt and digest operation syntax ck_rv fc_decryptdigestupdate( ck_session_handle hsession, ck_byte_ptr p
encryptedpart, ck_ulong ul
encryptedpartlen, ck_byte_ptr ppart, ck_ulong_ptr pulpartlen ); parameters hsession [in] session handle.
... p
encryptedpart [in] pointer to the
encrypted data part.
... ul
encryptedpartlen [in] length of
encrypted data in bytes.
FC_DecryptUpdate
syntax ck_rv fc_decryptupdate( ck_session_handle hsession, ck_byte_ptr p
encryptedpart, ck_ulong us
encryptedpartlen, ck_byte_ptr ppart, ck_ulong_ptr puspartlen ); parameters hsession [in] session handle.
... p
encryptedpart [in] pointer to the next block of data to be decrypted.
... us
encryptedpartlen [in] length of data block in bytes.
FC_DecryptVerifyUpdate
name fc_decryptverifyupdate - continue a multi-part decrypt and verify operation syntax ck_rv fc_decryptverifyupdate( ck_session_handle hsession, ck_byte_ptr p
encrypteddata, ck_ulong ul
encrypteddatalen, ck_byte_ptr pdata, ck_ulong_ptr puldatalen ); parameters hsession [in] session handle.
... p
encrypteddata [in] pointer to the
encrypted data part.
... ul
encrypteddatalen [in] length of
encrypted data in bytes.
FC_DigestEncryptUpdate
name fc_digestencryptupdate - continue a multi-part digest and encryption operation syntax ck_rv fc_digestencryptupdate( ck_session_handle hsession, ck_byte_ptr ppart, ck_ulong ulpartlen, ck_byte_ptr p
encryptedpart, ck_ulong_ptr pul
encryptedpartlen ); parameters hsession [in] session handle.
...p
encryptedpart [in] pointer to the location which receives the digested and
encrypted part or null.
... pul
encryptedpartlen [in] pointer to the length of the
encrypted part buffer.
FC_Encrypt
syntax ck_rv fc_encrypt( ck_session_handle hsession, ck_byte_ptr pdata, ck_ulong usdatalen, ck_byte_ptr p
encrypteddata, ck_ulong_ptr pus
encrypteddatalen ); parameters hsession [in] session handle.
...p
encrypteddata [out] pointer to location where
encrypted data is to be stored.
... pus
encrypteddatalen [in/out] number of bytes.
FC_SignEncryptUpdate
name fc_signencryptupdate - continue a multi-part signing and encryption operation syntax ck_rv fc_signencryptupdate( ck_session_handle hsession, ck_byte_ptr ppart, ck_ulong ulpartlen, ck_byte_ptr p
encryptedpart, ck_ulong_ptr pul
encryptedpartlen ); parameters hsession [in] session handle.
...p
encryptedpart [in] pointer to the location which receives the signed and
encrypted data part or null.
... pul
encryptedpartlen [in] pointer to the length of the
encrypted part buffer.
NSS tools : cmsutil
-d dbdir specify the key/certificate database directory (default is ".") -e envfile specify a file containing an enveloped message for a set of recipients to which you would like to send an
encrypted message.
... if this is the first
encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).
...specify list of recipients (email addresses) for an
encrypted or enveloped message.
S/MIME functions
mxr 3.2 and later nss_cmscontentinfo_setcontent mxr 3.2 and later nss_cmscontentinfo_setcontent_data mxr 3.2 and later nss_cmscontentinfo_setcontentencalg mxr 3.2 and later nss_cmscontentinfo_setcontent_digesteddata mxr 3.2 and later nss_cmscontentinfo_setcontent_
encrypteddata mxr 3.2 and later nss_cmscontentinfo_setcontent_envelopeddata mxr 3.2 and later nss_cmscontentinfo_setcontent_signeddata mxr 3.2 and later nss_cmsdecoder_cancel mxr 3.2 and later nss_cmsdecoder_finish mxr 3.2 and later nss_cmsdecoder_start mxr ...
...tcontentinfo mxr 3.2 and later nss_cmsderencode mxr 3.2 and later nss_cmsencoder_cancel mxr 3.2 and later nss_cmsencoder_finish mxr 3.2 and later nss_cmsencoder_start mxr 3.2 and later nss_cmsencoder_update mxr 3.2 and later nss_cms
encrypteddata_create mxr 3.2 and later nss_cms
encrypteddata_destroy mxr 3.2 and later nss_cms
encrypteddata_getcontentinfo mxr 3.2 and later nss_cmsenvelopeddata_addrecipient mxr 3.2 and later nss_cmsenvelopeddata_create mxr 3.2 and later nss_cmsenvelopeddata_destroy ...
... later nss_cmsmessage_create mxr 3.2 and later nss_cmsmessage_createfromder mxr 3.2 and later nss_cmsmessage_destroy mxr 3.2 and later nss_cmsmessage_getcontent mxr 3.2 and later nss_cmsmessage_getcontentinfo mxr 3.2 and later nss_cmsmessage_is
encrypted mxr 3.4.1 and later nss_cmsmessage_issigned mxr 3.4 and later nss_cmsrecipientinfo_create mxr 3.2 and later nss_cmsrecipientinfo_createfromder mxr 3.8 and later nss_cmsrecipientinfo_createnew mxr 3.8 and later nss_cmsrecipientinfo_createwithsubjkeyid mx...
NSS Tools cmsutil
-d dbdir specify the key/certificate database directory (default is ".") -e envfile specify a file containing an enveloped message for a set of recipients to which you would like to send an
encrypted message.
... if this is the first
encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).
... specify list of recipients (email addresses) for an
encrypted or enveloped message.
NSS tools : cmsutil
-d dbdir specify the key/certificate database directory (default is ".") -e envfile specify a file containing an enveloped message for a set of recipients to which you would like to send an
encrypted message.
... if this is the first
encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).
... specify list of recipients (email addresses) for an
encrypted or enveloped message.
nsILoginManagerCrypto
can throw if the user cancels entry of their master password, or if the ciphertext value can not be successfully decrypted (for example, if it was
encrypted with some other key).
...astring encrypt( in astring plaintext ); parameters plaintext the string to be
encrypted.
... return value the
encrypted string.
nsILoginManagerStorage
; unsigned long countlogins(in astring ahostname, in astring aactionurl, in astring ahttprealm); void findlogins(out unsigned long count, in astring ahostname, in astring aactionurl, in astring ahttprealm, [retval, array, size_is(count)] out nsilogininfo logins); void getalldisabledhosts([optional] out unsigned long count, [retval, array, size_is(count)] out wstring hostnames); void getall
encryptedlogins([optional] out unsigned long count, [retval, array, size_is(count)] out nsilogininfo logins); void getalllogins([optional] out unsigned long count, [retval, array, size_is(count)] out nsilogininfo logins); boolean getloginsavingenabled(in astring ahost); void init(); void initwithfile(in nsifile ainputfile, in nsifile aoutputfile); void modifylogin(in nsilogininfo oldlogin, in ns...
... getall
encryptedlogins() fetch all logins in the login manager.
...void getall
encryptedlogins( out unsigned long count, optional [retval, array, size_is(count)] out nsilogininfo logins ); parameters count optional the number of elements in the array.
AesCtrParams - Web APIs
in ctr mode, every time a block of the message is
encrypted, an extra block of data is mixed in.
...each time a new message is to be
encrypted, a new nonce is chosen.
...this part of the block gets incremented each time a block is
encrypted.
HTMLMediaElement - Web APIs
event handlers htmlmediaelement.on
encrypted sets the eventhandler called when the media is
encrypted.
... waiting fired when playback has stopped because of a temporary lack of data specifications specification status comment
encrypted media extensionsthe definition of '
encrypted media extensions' in that specification.
... recommendation adds mediakeys, media
encryptedevent, setmediakeys, on
encrypted, and onwaitingforkey.
SubtleCrypto.encrypt() - Web APIs
it returns a promise which will be fulfilled with the
encrypted data (also known as "ciphertext").
... data is a buffersource containing the data to be
encrypted (also known as the plaintext).
...= new uint8array(16); let key = new uint8array(16); let data = new uint8array(12345); //crypto functions are wrapped in promises so we have to use await and make sure the function that //contains this code is an async function //encrypt function wants a cryptokey object const key_encoded = await crypto.subtle.importkey( "raw", key.buffer, 'aes-ctr' , false, ["encrypt", "decrypt"]); const
encrypted_content = await window.crypto.subtle.encrypt( { name: "aes-ctr", counter: iv, length: 128 }, key_encoded, data ); //uint8array console.log(
encrypted_content); aes-cbc this code fetches the contents of a text box, encodes it for encryption, and encrypts it using aes in cbc mode.
SubtleCrypto.unwrapKey() - Web APIs
this means that it takes as its input a key that has been exported and then
encrypted (also called "wrapped").
...the key was exported in "raw" format and
encrypted using the aes-kw algorithm, with a key derived from a password.
...the key was exported in "pkcs8" format and
encrypted using the aes-gcm algorithm, with a key derived from a password.
SubtleCrypto - Web APIs
subtlecrypto.encrypt() returns a promise that fufills with the
encrypted data corresponding to the clear text, algorithm, and key given as parameters.
... subtlecrypto.decrypt() returns a promise that fulfills with the clear data corresponding to the
encrypted text, algorithm, and key given as parameters.
...the exportkey() function exports the key in an un
encrypted format.
JavaScript Client API - Archive of obsolete content
further, you agree (a) to maintain and link to (including on websites from which your third party client may be downloaded) a separate, conspicuous, and reasonably detailed privacy policy detailing how data collected or transmitted by your third party client is managed and protected; (b) that your third party client will only store data in
encrypted form on the firefox sync servers operated by mozilla; (c) that you and your third party client will use the firefox sync apis solely for their intended purpose; (d) that your third party client will not hide or mask its identity as it uses the services and/or firefox sync apis, including by failing to follow required identification conventions; and (e) that you and your third party client will no...
...put into it all values that you want to have
encrypted, stored on the server, decrypted, and synced up.
Digital Signatures - Archive of obsolete content
the keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is either impossible or prohibitively expensive.the
encrypted hash, along with other information, such as the hashing algorithm, is known as a digital signature.
... figure 1 shows two items transferred to the recipient of some signed data: the original data and the digital signature, which is basically a one-way hash (of the original data) that has been
encrypted with the signer's private key.
Security - Archive of obsolete content
decryption is the process of transforming
encrypted information so that it is intelligible again.introduction to public-key cryptographypublic-key cryptography and related standards and techniques underlie the security features of many products such as signed and
encrypted email, single sign-on, and secure sockets layer (ssl) communications.
...ssl has been universally accepted on the world wide web for authenticated and
encrypted communication between clients and servers.nspr release engineering guidethis paper is for engineers performing formal release for the netscape portable runtime (nspr) across all platforms.ssl and tlsthe secure sockets layer (ssl) and transport layer security (tls) protocols are universally accepted standards for authenticated and
encrypted communication between clients and servers.
Index - MDN Web Docs Glossary: Definitions of Web-related terms
8 http/2 glossary, http, infrastructure, reference, web performance, l10n:priority http/2 is a major revision of the http network protocol 199 http/3 http, intro, needscontent http/3 is the upcoming major revision of the http network protocol 200 https glossary, https, infrastructure, security https (hypertext transfer protocol secure) is an
encrypted version of the http protocol.
... 407 secure sockets layer (ssl) glossary, ssl, security, tls, web performance secure sockets layer, or ssl, was the old standard security technology for creating an
encrypted network link between a server and client, ensuring all data passed is private and secure.
Sending form data - Learn web development
when you do this, the data is
encrypted along with the rest of the request, even if the form itself is hosted on an insecure page accessed using http.
... on the other hand, if the form is hosted on a secure page but you specify an insecure http url with the action attribute, all browsers display a security warning to the user each time they try to send data because the data will not be
encrypted.
Experimental features in Firefox
nightly 73 no developer edition 73 no beta 73 no release 73 no preference name layout.css.constructable-stylesheets.enabled webrtc and media the following experimental features include those found in the webrtc api, the web audio api, the media session api, the media source extensions api, the
encrypted media extensions api, and the media capture and streams api.
... nightly 81 yes developer edition — — beta — — release — — preference name — security and privacy block plain text requests from flash on
encrypted pages in order to help mitigate man-in-the-middle (mitm) attacks caused by flash content on
encrypted pages, a preference has been added to treat object_subrequests as active content.
An overview of NSS Internals
this is often sufficient if you encrypt data for yourself, but as soon as you need to exchange signed/
encrypted data with communication partners, using public key encryption simplifies the key management.
...there are tools for managing nss databases, for dumping or verifying certificates, for registering pkcs#11 modules with a database, for processing cms
encrypted/signed messages, etc.
Cryptography functions
pk11_destroytokenobject mxr 3.2 and later pk11_digestbegin mxr 3.2 and later pk11_digestkey mxr 3.2 and later pk11_digestop mxr 3.2 and later pk11_digestfinal mxr 3.2 and later pk11_doesmechanism mxr 3.2 and later pk11_export
encryptedprivatekeyinfo mxr 3.2 and later pk11_export
encryptedprivkeyinfo mxr 3.9 and later pk11_exportprivatekeyinfo mxr 3.2 and later pk11_finalize mxr 3.2 and later pk11_findbestkeamatch mxr 3.2 and later pk11_findcertandkeybyrecipientlist mxr 3.2 and la...
...mxr 3.4 and later pk11_importcert mxr 3.5 and later pk11_importcertforkeytoslot mxr 3.2 and later pk11_importcrl mxr 3.6 and later pk11_importdercert mxr 3.6 and later pk11_importderprivatekeyinfoandreturnkey mxr 3.4 and later pk11_import
encryptedprivatekeyinfo mxr 3.2 and later pk11_importprivatekeyinfo mxr 3.2 and later pk11_importprivatekeyinfoandreturnkey mxr 3.4 and later pk11_importpublickey mxr 3.4 and later pk11_importsymkeywithflags mxr 3.4 and later pk11_initpin mxr 3.2 and later ...
NSS 3.14.3 release notes
new pkcs #11 mechanisms ckm_nss_hmac_constant_time - constant-time hmac operation for use when verifying a padded, mac-then-
encrypted block of data.
... ckm_nss_ssl3_mac_constant_time - constant-time mac operation for use when verifying a padded, mac-then-
encrypted block of data using the sslv3 mac.
NSS 3.35 release notes
for stronger security, when creating
encrypted pkcs#7 or pkcs#12 data, the iteration count for the password based encryption algorithm has been increased to one million iterations.
... nss 3.30 had introduced a regression, preventing nss from reading some aes
encrypted data, produced by older versions of nss.
NSS Sample Code sample2
* note: iv is only needed if cipher blocking chaining (cbc) mode of encryption * is used * * the recommended approach is to store and transport wrapped (
encrypted) * des keys (ivs can be in the clear).
... rv1 = pk11_cipherop(enccontext, buf1, &tmp1_outlen, sizeof(buf1), data, strlen(data)+1); rv2 = pk11_digestfinal(enccontext, buf1+tmp1_outlen, &tmp2_outlen, sizeof(buf1)-tmp1_outlen); pk11_destroycontext(enccontext, pr_true); result_len = tmp1_outlen + tmp2_outlen; if (rv1 != secsuccess || rv2 != secsuccess) goto out; fprintf(stderr, "
encrypted data: "); for (i=0; i<result_len; i++) fprintf(stderr, "%02x ", buf1[i]); fprintf(stderr, "\n"); /* decrypt buf1 into buf2.
Overview of NSS
the secure sockets layer (ssl) protocol allows mutual authentication between a client and server and the establishment of an authenticated and
encrypted connection.
...ietf message specification (based on the popular internet mime standard) that provides a consistent way to send and receive signed and
encrypted mime data.
PKCS 7 functions
function name/documentation source code nss versions sec_pkcs7addcertificate mxr 3.3 and later sec_pkcs7addrecipient mxr 3.2 and later sec_pkcs7addsigningtime mxr 3.2 and later sec_pkcs7containscertsorcrls mxr 3.4 and later sec_pkcs7contentis
encrypted mxr 3.4 and later sec_pkcs7contentissigned mxr 3.4 and later sec_pkcs7contenttype mxr 3.2 and later sec_pkcs7copycontentinfo mxr 3.4 and later sec_pkcs7createcertsonly mxr 3.3 and later sec_pkcs7createdata mxr 3.2 and later sec_pkc...
...s7create
encrypteddata mxr 3.2 and later sec_pkcs7createenvelopeddata mxr 3.2 and later sec_pkcs7createsigneddata mxr 3.2 and later sec_pkcs7decodeitem mxr 3.2 and later sec_pkcs7decoderabort mxr 3.9 and later sec_pkcs7decoderfinish mxr 3.2 and later sec_pkcs7decoderstart mxr 3.2 and later sec_pkcs7decoderupdate mxr 3.2 and later sec_pkcs7decryptcontents mxr 3.2 and later sec_pkcs7destroycontentinfo mxr 3.2 and later sec_pkcs7encode mxr 3.3 and later sec_pkcs7encodeitem mxr 3.9.3 and l...
FC_EncryptFinal
syntax ck_rv fc_encryptfinal( ck_session_handle hsession, ck_byte_ptr plast
encryptedpart, ck_ulong_ptr puslast
encryptedpartlen ); parameters hsession [in] session handle.
... plast
encryptedpart [out] pointer to the location that receives the last
encrypted data part, if any puslast
encryptedpartlen [in,out] pointer to location where the number of bytes of the last
encrypted data part is to be stored.
FC_InitToken
(user certs are the certificates that have their associated private keys in the key database.) a user must be able to call fc_inittoken() without logging into the token (to assume the nss user role) because either the user's password hasn't been set yet or the user forgets the password and needs to blow away the password-
encrypted private key database and start over.
...you won't be able to decrypt the data, such as mozilla's stored passwords, that were
encrypted using any of those keys.
sslintro.html
upgraded documentation may be found in the current nss reference overview of an ssl application chapter 1 overview of an ssl application ssl and related apis allow compliant applications to configure sockets for authenticated, tamper-proof, and
encrypted communications.
...for simple
encrypted and authenticated communications, no further calls to ssl functions are required.
nsIAuthPrompt2
ew nsicancelable asyncpromptauth(in nsichannel achannel, in nsiauthpromptcallback acallback, in nsisupports acontext, in pruint32 level, in nsiauthinformation authinfo); boolean promptauth(in nsichannel achannel, in pruint32 level, in nsiauthinformation authinfo); constants constant value description level_none 0 the password will be sent un
encrypted.
... level_pw_
encrypted 1 password will be sent
encrypted, but the connection is otherwise insecure.
AesGcmParams - Web APIs
note that the iv does not have to be secret, just unique: so it is ok, for example, to transmit it in the clear alongside the
encrypted message.
...this contains additional data that will not be
encrypted but will be authenticated along with the
encrypted data.
MediaKeyMessageEvent - Web APIs
the mediakeymessageevent interface of the
encryptedmediaextensions api contains the content and related data when the content decryption module generates a message for the session.
... examples // tbd specifications specification status comment
encrypted media extensionsthe definition of 'mediakeymessageevent' in that specification.
MediaKeySession - Web APIs
the mediakeysession interface of the
encryptedmediaextensions api represents a context for message exchange with a content decryption module (cdm).
... examples // tbd specifications specification status comment
encrypted media extensionsthe definition of 'mediakeysession' in that specification.
MediaKeyStatusMap - Web APIs
the mediakeystatusmap interface of the
encryptedmediaextensions api is a read-only map of media key statuses by key ids.
... specifications specification status comment
encrypted media extensionsthe definition of 'mediakeystatusmap' in that specification.
MediaKeySystemAccess - Web APIs
the mediakeysystemaccess interface of the
encryptedmediaextensions api provides access to a key system for decryption and/or a content protection provider.
... specifications specification status comment
encrypted media extensionsthe definition of 'mediakeysystemaccess' in that specification.
MediaKeys - Web APIs
the mediakeys interface of
encryptedmediaextensions api represents a set of keys that an associated htmlmediaelement can use for decryption of media data during playback.
... examples //tbd specifications specification status comment
encrypted media extensionsthe definition of 'mediakeys' in that specification.
Navigator.requestMediaKeySystemAccess() - Web APIs
this method is part of the
encrypted media extensions api, which brings support for
encrypted media and drm-protected video to the web.
... specifications specification status comment
encrypted media extensionsthe definition of 'requestmediakeysystemaccess()' in that specification.
SubtleCrypto.wrapKey() - Web APIs
syntax const result = crypto.subtle.wrapkey( format, key, wrappingkey, wrapalgo ); parameters format is a string describing the data format in which the key will be exported before it is
encrypted.
... return value result is a promise that fulfills with an arraybuffer containing the
encrypted exported key.
HTTP authentication - HTTP
here, the <type> is needed again followed by the credentials, which can be encoded or
encrypted depending on which authentication scheme is used.
...the auth_basic_user_file directive then points to a .htpasswd file containing the
encrypted user credentials, just like in the apache example above.
Evolution of HTTP - HTTP
instead of sending http over a basic tcp/ip stack, netscape communications created an additional
encrypted transmission layer on top of it: ssl.
... during the same time, the need for an
encrypted transport layer raised: the web left the relative trustiness of a mostly academic network, to a jungle where advertisers, random individuals or criminals compete to get as much private information about people, try to impersonate them or even to replace data transmitted by altered ones.
Index - HTTP
66 feature-policy:
encrypted-media directive, eme, feature policy, feature-policy, http, reference the http feature-policy header
encrypted-media directive controls whether the current document is allowed to use the
encrypted media extensions api (eme).
... 109 upgrade-insecure-requests http, https, security, header the http upgrade-insecure-requests request header sends a signal to the server expressing the client’s preference for an
encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests csp directive.
HTTP Index - HTTP
130 feature-policy:
encrypted-media directive, eme, feature policy, feature-policy, http, reference the http feature-policy header
encrypted-media directive controls whether the current document is allowed to use the
encrypted media extensions api (eme).
... 190 upgrade-insecure-requests http, https, security, header the http upgrade-insecure-requests request header sends a signal to the server expressing the client’s preference for an
encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests csp directive.
Mixed content - Web security
when a user visits a page served over https, their connection with the web server is
encrypted with tls and is therefore safeguarded from most sniffers and man-in-the-middle attacks.
...pages like this are only partially
encrypted, leaving the un
encrypted content accessible to sniffers and man-in-the-middle attackers.
Web security
https https (hypertext transfer protocol secure) is an
encrypted version of the http protocol.
...pages like this are only partially
encrypted, leaving the un
encrypted content accessible to sniffers and man-in-the-middle attackers.
NSS Certificate Download Specification
this is intended to allow people or cas to post their e-mail certificates on web pages for download by other users who want to send them
encrypted mail.
NSS FAQ
nss includes detailed documentation of the ssl api and sample code that demonstrates basic ssl functionality (setting up an
encrypted session, server authentication, and client authentication) to help jump start the integration process.
FIPS Mode - an explanation
except for "public keys", it must not allow any keys to leave it (to get outside of it) unless they are
encrypted ("wrapped") in a special way.
JSS Provider Notes
in this case, the key should be wrapped (
encrypted with another key), and then the
encrypted key might be extractable from the token.
Mozilla-JSS JCA Provider notes
in this case, the key should be wrapped (
encrypted with another key), and then the
encrypted key might be extractable from the token.
NSS 3.15.4 release notes
bug 919877 - (cve-2013-1740) when false start is enabled, libssl will sometimes return un
encrypted, unauthenticated data from pr_recv new in nss 3.15.4 new functionality implemented ocsp querying using the http get method, which is the new default, and will fall back to the http post method.
NSS 3.27 release notes
hard limits on the maximum number of tls records
encrypted with the same key are enforced.
NSS 3.30 release notes
the pk12util tool now supports importing and exporting data
encrypted in the aes based schemes defined in pkcs#5 v2.1.
NSS 3.36.1 release notes
notable changes in nss 3.36.1 in nss version 3.35 the iteration count in optimized builds, which is used for password based encryption algorithm related to
encrypted pkcs#7 or pkcs#12 data, was increased to one million iterations.
NSS 3.40 release notes
nss 3.40 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_40_rtm/src/ new in nss 3.40 new functionality the draft-00 version of
encrypted sni support is implemented tstclnt now takes -n option to specify
encrypted sni key new functions none notable changes in nss 3.40 the mozilla::pkix library has been ported from mozilla psm to nss.
NSS 3.46 release notes
ug 1453408 - modutil -changepw fails in fips mode if password is an empty string bug 1564727 - use a pss spki when possible for delegated credentials bug 1493916 - fix ppc64 inline assembler for clang bug 1561588 - remove -wmaybe-uninitialized warning in p7env.c bug 1561548 - remove -wmaybe-uninitialized warning in pkix_pl_ldapdefaultclient.c bug 1512605 - incorrect alert description after un
encrypted finished msg bug 1564715 - read /proc/cpuinfo when at_hwcap2 returns 0 bug 1532194 - remove or fix -ddebug_$user from make builds bug 1565577 - visual studio's cl.exe -?
NSS API Guidelines
pkcs #12 lib/pkcs12 pkcs12t.h, pkcs12.h, p12plcy.h, p12.h, p12t.h pkcs7 provides functions and types for encoding and decoding
encrypted data in pkcs #7 format.
NSS Sample Code sample4
\n", pr_geterror()); goto cleanup; } modulus_len = seckey_publickeystrength(pubkey); fprintf(stderr, "public key modulus %d bytes\n", modulus_len); buf1 = (char *)malloc(modulus_len); buf2 = (char *)malloc(modulus_len); /* initialize buf1 */ for (i=0;i<modulus_len;i++) { buf1[i]= (i %26) + 'a'; } buf1[modulus_len-1] = '\0'; fprintf(stderr, "buffer being
encrypted = \n%s\n", buf1); /* encrypt buf1, result will be in buf2 */ rv = pk11_pubencryptraw(pubkey, buf2, buf1, modulus_len, null); if (rv != secsuccess) { fprintf(stderr, "encrypt with public key failed (err %d)\n", pr_geterror()); goto cleanup; } pvtkey = pk11_findkeybyanycert(cert, null); if (pvtkey == null) { fprintf(stderr, "couldn't find private key for ce...
NSS Sample Code sample5
key (err %d)\n", pr_geterror()); goto cleanup; } modulus_len = seckey_publickeystrength(pubkey); fprintf(stderr, "public key modulus %d bytes\n", modulus_len); buf1 = (char *)malloc(modulus_len); buf2 = (char *)malloc(modulus_len); /* initialize buf1 */ for (i=0;i<modulus_len;i++) { buf1[i]= (i %26) + 'a'; } buf1[modulus_len-1] = '\0'; fprintf(stderr, "buffer being
encrypted = \n%s\n", buf1); /* encrypt buf1, result will be in buf2 */ rv = pk11_pubencryptraw(pubkey, buf2, buf1, modulus_len, null); if (rv != secsuccess) { fprintf(stderr, "encrypt with public key failed (err %d)\n", pr_geterror()); goto cleanup; } nickname.type = sibuffer; nickname.data = "pvtkeynickname"; nickname.len = strlen("pvtkeynickname"); rv = atob_conver...
nss tech note7
key pairs may be generated elsewhere, exported in
encrypted form, and imported into a crypto module.
PKCS 12 functions
unction name/documentation source code nss versions sec_pkcs12addcertandkey mxr 3.2 and later sec_pkcs12addpasswordintegrity mxr 3.2 and later sec_pkcs12createexportcontext mxr 3.2 and later sec_pkcs12createpasswordprivsafe mxr 3.2 and later sec_pkcs12createun
encryptedsafe mxr 3.2 and later sec_pkcs12decoderfinish mxr 3.2 and later sec_pkcs12decodergetcerts mxr 3.4 and later sec_pkcs12decoderimportbags mxr 3.2 and later sec_pkcs12decoderiterateinit mxr 3.10 and later sec_pkcs12decoderiteratenext mxr 3.10 and lat...
NSC_InitToken
you won't be able to decrypt the data, such as mozilla's stored passwords, that were
encrypted using any of those keys.
NSS reference
sec_pkcs12createexportcontext sec_pkcs12createpasswordprivsafe sec_pkcs12createun
encryptedsafe sec_pkcs12addcertandkey sec_pkcs12addpasswordintegrity sec_pkcs12enablecipher sec_pkcs12encode sec_pkcs12destroyexportcontext sec_pkcs12decoderstart sec_pkcs12decoderimportbags sec_pkcs12decoderupdate sec_pkcs12decoderfinish sec_pkcs12decodervalidatebags sec_pkcs12decoderverify sec_pkcs12decodergetcerts sec_pkcs12decodersettargettokencas sec_pkcs12decoderiterateinit sec_pkcs12d...
OLD SSL Reference
upgraded documentation may be found in the current nss reference ssl reference newsgroup: mozilla.dev.tech.crypto writer: sean cotter manager: wan-teh chang chapter 1 overview of an ssl application ssl and related apis allow compliant applications to configure sockets for authenticated, tamper-proof, and
encrypted communications.
SSL functions
xr 3.2 and later ssl_invalidatesession mxr 3.2 and later ssl_localcertificate mxr 3.4 and later ssl_optionget mxr 3.2 and later ssl_optiongetdefault mxr 3.2 and later ssl_optionset mxr 3.2 and later ssl_optionsetdefault mxr 3.2 and later ssl_peercertificate mxr 3.2 and later ssl_pre
encryptedfiletostream mxr 3.2 and later ssl_pre
encryptedstreamtofile mxr 3.2 and later ssl_rehandshake mxr 3.2 and later ssl_rehandshakewithtimeout mxr 3.11.4 and later ssl_resethandshake mxr 3.2 and later ssl_restarthandshakeaftercertreq mxr 3.2 and later ssl_restarthandshakeafterservercert mxr 3.2 and later ...
Utility functions
secitem_compareitem mxr 3.2 and later secitem_copyitem mxr 3.2 and later secitem_dupitem mxr 3.2 and later secitem_freeitem mxr 3.2 and later secitem_itemsareequal mxr 3.8 and later secitem_zfreeitem mxr 3.2 and later seckey_copy
encryptedprivatekeyinfo mxr 3.2 and later seckey_copyprivatekeyinfo mxr 3.2 and later seckey_creatersaprivatekey mxr 3.2 and later seckey_destroy
encryptedprivatekeyinfo mxr 3.2 and later seckey_destroyprivatekeyinfo mxr 3.2 and later seckey_destroypublickey mxr ...
Performance
this will lead to errors that say "database is
encrypted" because the tool is not able to recognize the file format.
Autoconfiguration in Thunderbird
guessing if all other mechanisms failed, thunderbird tries to guess the configuration, by trying common server names like imap.<domain>, smtp.<domain>, mail.<domain> etc., and, when a mail server answers, checking whether it supports ssl, starttls and
encrypted passwords (cram-md5).
AesCbcParams - Web APIs
however, it need not be secret (for example, it may be transmitted un
encrypted along with the ciphertext).
message - Web APIs
syntax var messagetype = mediakeymessageevent.messagetype; specifications specification status comment
encrypted media extensionsthe definition of 'message' in that specification.
MediaKeyMessageEvent.messageType - Web APIs
syntax var messagetype = mediakeymessageevent.messagetype; specifications specification status comment
encrypted media extensionsthe definition of 'messagetype' in that specification.
close() - Web APIs
specifications specification status comment
encrypted media extensionsthe definition of 'close()' in that specification.