231 results for "Signature":
Digital Signatures - Archive of obsolete content
the keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is either impossible or prohibitively expensive.the encrypted hash, along with other information, such as the hashing algorithm, is known as a digital signature.
... figure 1 shows a simplified view of the way a digital signature can be used to validate the integrity of signed data.
... figure 1 shows two items transferred to the recipient of some signed data: the original data and the digital signature, which is basically a one-way hash (of the original data) that has been encrypted with the signer's private key.
...And 6 more matches
Signature (functions) - MDN Web Docs Glossary: Definitions of Web-related terms
a function signature (or type signature, or method signature) defines input and output of functions or methods.
... a signature can include: parameters and their types a return value and type exceptions that might be thrown or passed back information about the availability of the method in an object-oriented program (such as the keywords public, static, or prototype).
... in depth signatures in javascript javascript is a loosely typed or a dynamic language.
...And 3 more matches
nsIDataSignatureVerifier
security/manager/ssl/public/nsidatasignatureverifier.idlscriptable an interface for verifying that a given string of data was signed by the private key matching the given public key.
... 1.0 66 introduced gecko 1.9 inherits from: nsisupports last changed in gecko 1.9 (firefox 3) method overview boolean verifydata(in acstring adata, in acstring asignature, in acstring apublickey); methods verifydata() verifies that the data matches the data that was used to generate the signature.
... boolean verifydata( in acstring adata, in acstring asignature, in acstring apublickey ); parameters adata the data to be tested.
...And 2 more matches
Signature (security) - MDN Web Docs Glossary: Definitions of Web-related terms
a signature, or digital signature, is a protocol showing that a message is authentic.
... from the hash of a given message, the signing process first generates a digital signature linked to the signing entity, using the entity's private key.
... on receiving the message, the verification process authenticates the sender - uses the sender's public key to decrypt the signature and recover the hash, which can only be created with the sender's private key, and checks message integrity - compares the hash with a newly calculated one from the received document (the two hashes will differ if the document has been tampered with) the system fails if the private key is compromised or the recipient is deceitfully given the wrong public key.
... learn more general knowledge digital signature on wikipedia see digest, encryption ...
Signature - MDN Web Docs Glossary: Definitions of Web-related terms
the term signature can have several meanings depending on the context.
... it may refer to: signature (functions) a function signature (or type signature, or method signature) defines input and output of functions or methods.
... signature (security) a signature, or digital signature, is a protocol showing that a message is authentic.
... learn more signature on wikipedia ...
AuthenticatorAssertionResponse.signature - Web APIs
the signature read-only property of the authenticatorassertionresponse interface is an arraybuffer object which is the signature of the authenticator for both authenticatorassertionresponse.authenticatordata and a sha-256 hash of the client data (authenticatorassertionresponse.clientdatajson).
... this signature will be sent to the server for control, as part of the response.
... syntax signature = authenticatorassertionresponse.signature value an arraybuffer object which is the signature of the authenticator (using its private key) for both authenticatorassertionresponse.authenticatordata and a sha-256 hash given by the client for its data (the challenge, the origin, etc.
... examples var options = { challenge: new uint8array(26), // will be another value, provided by the relying party server timeout: 60000 }; navigator.credentials.get({ publickey: options }) .then(function (assertionpkcred) { var signature = assertionpkcred.response.signature; // send response and client extensions to the server so that it can // go on with the authentication }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'signature' in that specification.
Weak signature algorithms - Web security
this article provides some information about signature algorithms known to be weak, so you can avoid them when appropriate.
... md5 support for md5 based signatures was removed in early 2012.
Index
a certificate contains lots of other details; for example, it contains a signature by a third party that expresses trust in the ownership relationship for the certificate.
... key responsibilities of nss are verification of signatures and certificates.
... in order to verify a digital signature, we have to look at the application data (e.g., a document that was signed), the signature data block (the digital signature), and a public key (as found in a certificate that is believed to be the signer, e.g., identified by metadata received together with the signature).
...And 39 more matches
Introduction to Public-Key Cryptography - Archive of obsolete content
for an overview of ssl, see "introduction to ssl." for an overview of encryption and decryption, see "encryption and decryption." information on digital signatures is available from "digital signatures." public-key cryptography is a set of well-established techniques and standards for protecting communications from eavesdropping, tampering, and impersonation attacks.
...most importantly, a certificate always includes the digital signature of the issuing ca.
... the ca's digital signature allows the certificate to function as a "letter of introduction" for users who know and trust the ca but don't know the entity identified by the certificate.
...And 26 more matches
SubtleCrypto.verify() - Web APIs
the verify() method of the subtlecrypto interface verifies a digital signature.
... it takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data.
... it returns a promise which will be fulfilled with a boolean value indicating whether the signature is valid.
...And 21 more matches
A guide to searching crash reports
specifically, crash-stats offers two basic functions: searching you can search the crash reports database by over 100 criteria: crash signature, date, platform, product, version, etc.
... the default search: signature facet if you click on the "search" button, you will get results like the ones in the following screenshot.
... by default, the "signature facet" tab is selected.
...And 17 more matches
nsISyncJPAKE
void final( in acstring ab, in acstring agvb, in acstring arb, in acstring ahkdfinfo, out acstring aaes256key, out acstring ahmac256key ); parameters ab schnorr signature value b, in hex representation.
... agvb schnorr signature value g^vb (vb is a random value), in hex representation.
... arb schnorr signature value rb = vb - xb * h, in hex representation.
...And 15 more matches
NSS tools : signtool
on level] ] [[-d cert-dir] ] [[-i installer script] ] [[-m metafile] ] [[-x name] ] [[-f filename] ] [[-t|--token tokenname] ] [[-e extension] ] [[-o] ] [[-z] ] [[-x] ] [[--outfile] ] [[--verbose value] ] [[--norecurse] ] [[--leavearc] ] [[-j directory] ] [[-z jarfile] ] [[-o] ] [[-p password] ] [directory-tree] [archive] description the signing tool, signtool, creates digital signatures and uses a java archive (jar) file to associate the signatures with files in a directory.
...to help address some of these problems, you can associate digital signatures with the files in a jar archive.
... digital signatures allow ssl-enabled clients to perform two important operations: * confirm the identity of the individual, company, or other entity whose digital signature is associated with the files * check whether the files have been tampered with since being signed if you have a signing certificate, you can use netscape signing tool to digitally sign files and package them as a jar file.
...And 12 more matches
Introduction to SSL - Archive of obsolete content
in the case of client authentication, the client encrypts some random data with the client's private key-that is, it creates a digital signature.
... the public key in the client's certificate can correctly validate the digital signature only if the corresponding private key was used.
... otherwise, the server cannot validate the digital signature and the session is terminated.
...And 10 more matches
Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR
pubkey_trailer "-----end pub key -----" #define ns_certreq_header "-----begin new certificate request-----" #define ns_certreq_trailer "-----end new certificate request-----" #define ns_cert_enc_header "-----begin certificate for encryption-----" #define ns_cert_enc_trailer "-----end certificate for encryption-----" #define ns_cert_vfy_header "-----begin certificate for signature verification-----" #define ns_cert_vfy_trailer "-----end certificate for signature verification-----" #define ns_sig_header "-----begin signature-----" #define ns_sig_trailer "-----end signature-----" #define ns_cert_header "-----begin certificate-----" #define ns_cert_trailer "-----end certificate-----" /* sample 6 commands */ typedef enum { generate_csr...
...r_stderr, "problem while sgn_update\n"); goto cleanup; } } rv = sgn_end(sgn, res); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while sgn_end\n"); goto cleanup; } cleanup: if (infile) { pr_close(infile); } if (sgn) { sgn_destroycontext(sgn, pr_true); } return rv; } /* * verify the signature using public key */ secstatus verifydata(const char *infilename, seckeypublickey *pk, secitem *sigitem, secupwdata *pwdata) { unsigned int nb; unsigned char ibuf[4096]; secstatus rv = secfailure; vfycontext *vfy = null; prfiledesc *infile = null; /* open the input file for reading */ infile = pr_open(infilename, pr_rdonly, 0); ...
..._stderr, "unable to open \"%s\" for reading.\n", infilename); rv = secfailure; goto cleanup; } vfy = vfy_createcontext(pk, sigitem, sec_oid_pkcs1_md5_with_rsa_encryption, pwdata); if (!vfy) { pr_fprintf(pr_stderr, "unable to create context for verifying signature\n"); rv = secfailure; goto cleanup; } rv = vfy_begin(vfy); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_begin\n"); goto cleanup; } while ((nb = pr_read(infile, ibuf, sizeof(ibuf))) > 0) { rv = vfy_update(vfy, ibuf, nb); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_up...
...And 10 more matches
SubtleCrypto.sign() - Web APIs
the sign() method of the subtlecrypto interface generates a digital signature.
...it returns a promise which will be fulfilled with the signature.
... you can use the corresponding subtlecrypto.verify() method to verify the signature.
...And 10 more matches
NSS tools : signver
name signver — verify a detached pkcs#7 signature for a file.
... synopsis signtool -a | -v -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v] description the signature verification tool, signver, is a simple command-line utility that unpacks a base-64-encoded pkcs#7 signed object and verifies the digital signature using standard cryptographic techniques.
... the signature verification tool can also display the contents of the signed object.
...And 9 more matches
sample2
gin pub key -----" #define pubkey_trailer "-----end pub key -----" #define ns_certreq_header "-----begin new certificate request-----" #define ns_certreq_trailer "-----end new certificate request-----" #define ns_cert_enc_header "-----begin certificate for encryption-----" #define ns_cert_enc_trailer "-----end certificate for encryption-----" #define ns_cert_vfy_header "-----begin certificate for signature verification-----" #define ns_cert_vfy_trailer "-----end certificate for signature verification-----" #define ns_sig_header "-----begin signature-----" #define ns_sig_trailer "-----end signature-----" #define ns_cert_header "-----begin certificate-----" #define ns_cert_trailer "-----end certificate-----" /* missing publically from nss versions earlier than 3.13 */ #ifndef sec_error_base #define s...
...ead(infile, ibuf, sizeof(ibuf))) > 0) { rv = sgn_update(sgn, ibuf, nb); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while sgn_update\n"); goto cleanup; } } rv = sgn_end(sgn, res); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while sgn_end\n"); goto cleanup; } cleanup: if (infile) { pr_close(infile); } if (sgn) { sgn_destroycontext(sgn, pr_true); } return rv; } /* * verify the signature using public key */ secstatus verifydata(const char *infilename, seckeypublickey *pk, secitem *sigitem, secupwdata *pwdata) { unsigned int nb; unsigned char ibuf[4096]; secstatus rv = secfailure; vfycontext *vfy = null; prfiledesc *infile = null; /* open the input file for reading */ infile = pr_open(infilename, pr_rdonly, 0); if (!infile) { pr_fprintf(pr_stderr, "unable to open \"%s\" for readin...
...g.\n", infilename); rv = secfailure; goto cleanup; } vfy = vfy_createcontext(pk, sigitem, sec_oid_pkcs1_md5_with_rsa_encryption, pwdata); if (!vfy) { pr_fprintf(pr_stderr, "unable to create context for verifying signature\n"); rv = secfailure; goto cleanup; } rv = vfy_begin(vfy); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_begin\n"); goto cleanup; } while ((nb = pr_read(infile, ibuf, sizeof(ibuf))) > 0) { rv = vfy_update(vfy, ibuf, nb); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_update\n"); goto cleanup; } } rv = vfy_end(vfy); if (rv != secsuccess) { pr_fprintf(pr_stderr, "problem while vfy_end\n"); goto cleanup; } cleanup: if (infile) { pr_close(infile); } if (vfy) { vfy_destroycontext(vfy, pr_true); } return rv; } /* * write cryptographic parameters to h...
...And 8 more matches
Following the Android Toasts Tutorial from a JNI Perspective
the sig's will be represented as javascript strings in jni.jsm, and the sig's of the types are as follows: java type signature boolean z byte b char c class/object lclass name in slash notation here; double d float f int i long j short s void v array of type [sig here method format (sig of type of each argument here)sig of the return type here declaring a class/object ...
...for example, if the class is blah.foo.bar then the signature of this will be this in slash notation with an l and ; around it.
... when declaring methods, the signatures of the types go right next to each other without any spacing.
...And 6 more matches
Understanding WebAssembly text format - WebAssembly
all code in a webassembly module is grouped into functions, which have the following pseudo-code structure: ( func <signature> <locals> <body> ) the signature declares what the function takes (parameters) and returns (return values).
... signatures and parameters the signature is a sequence of parameter type declarations followed by a list of return type declarations.
...) after the signature, locals are listed with their type, for example (local i32).
...And 6 more matches
Setting Up a Development Environment - Archive of obsolete content
signing extensions in order to provide additional security for your users, you can choose to add a signature to your extension.
... the signature verifies that you are the author of this extension, and it can only be done if you have a valid certificate provided by a trusted certificate authority.
...it's not common to sign extensions because most users will trust the official add-ons site (amo) rather than rely on extension signatures.
...And 5 more matches
An overview of NSS Internals
a certificate contains lots of other details; for example, it contains a signature by a third party that expresses trust in the ownership relationship for the certificate.
... key responsibilities of nss are verification of signatures and certificates.
... in order to verify a digital signature, we have to look at the application data (e.g., a document that was signed), the signature data block (the digital signature), and a public key (as found in a certificate that is believed to be the signer, e.g., identified by metadata received together with the signature).
...And 5 more matches
sslerr.html
_error_unknown_ca_alert -12195 "peer does not recognize and trust the ca that issued your certificate." ssl_error_access_denied_alert -12194 "peer received a valid certificate, but access was denied." ssl_error_decode_error_alert -12193 "peer could not decode an ssl handshake message." ssl_error_decrypt_error_alert -12192 "peer reports failure of signature verification or key exchange." ssl_error_export_restriction_alert -12191 "peer reports negotiation not in compliance with export regulations." ssl_error_protocol_version_alert -12190 "peer reports incompatible or unsupported protocol version." ssl_error_insufficient_security_alert -12189 "server requires ciphers more secure than those supported by clie...
... ssl_error_decompression_failure -12177 "ssl received a compressed record that could not be decompressed." sec error codes table 8.2 security error codes defined in secerr.h constant value description sec_error_io -8192 an i/o error occurred during authentication; or an error occurred during crypto operation (other than signature verification).
... sec_error_bad_signature -8182 peer's certificate has an invalid signature.
...And 5 more matches
Signing Mozilla apps for Mac OS X
the codesign tool apple provides a tool called codesign; this command-line application is used to add a signature to an application bundle.
...when you're signing mozilla applications with v1 signatures, you'll need to specify a custom coderesources file here.
... -f forces codesign to overwrite an existing signature on the application.
...And 5 more matches
WebIDL bindings
webidl overloads are turned into c++ overloads: they simply call c++ methods with the same name and different signatures.
... the method signature for the getter looks just like an operation with no arguments and the attribute's type as the return type.
...the method signature looks just like an operation with a void return value and a single argument whose type is the attribute's type.
...And 5 more matches
NSS 3.28 release notes
ssl_signatureschemeprefset allows an application to set which signature schemes should be supported in tls and to specify the preference order of those schemes.
... ssl_signatureschemeprefget allows an application to learn the currently supported and enabled signature schemes for a socket.
... nss now uses the signature schemes definition in tls 1.3 (bug 1309446).
...And 4 more matches
NSS_3.12.3_release_notes.html
nss_allow_weak_signature_alg boolean (any non-empty value to enable) enables the use of md2 and md4 hash algorithms inside signatures.
... nss_hash_alg_support string specifies algorithms allowed to be used in certain applications, such as in signatures on certificates and crls.
...uote (see cert.h) cert_comparecerts (see cert.h) cert_registeralternateocspaiainfocallback (see ocsp.h) pk11_getsymkeyhandle (see pk11pqg.h) util_setforkstate (see secoid.h) nss_getalgorithmpolicy (see secoid.h) nss_setalgorithmpolicy (see secoid.h) for the 2 functions above see also (in secoidt.h): nss_use_alg_in_cert_signature nss_use_alg_in_cms_signature nss_use_alg_reserved support for the watcom c compiler is removed the file watcomfx.h is removed.
...And 4 more matches
Index - Web APIs
217 authenticatorassertionresponse.authenticatordata api, authenticatorassertionresponse, property, reference, web authentication api, webauthn the authenticatordata property of the authenticatorassertionresponse interface returns an arraybuffer containing information from the authenticator such as the relying party id hash (rpidhash), a signature counter, test of user presence, user verification flags, and any extensions processed by the authenticator.
... 218 authenticatorassertionresponse.signature api, authenticatorassertionresponse, property, reference, web authentication api, webauthn the signature read-only property of the authenticatorassertionresponse interface is an arraybuffer object which is the signature of the authenticator for both authenticatorassertionresponse.authenticatordata and a sha-256 hash of the client data (authenticatorassertionresponse.clientdatajson).
... 221 authenticatorattestationresponse.attestationobject api, authenticatorattestationresponse, property, reference, web authentication api, webauthn the attestationobject property of the authenticatorattestationresponse interface returns an arraybuffer containing the new public key, as well as signature over the entire attestationobject with a private key that is stored in the authenticator when it is manufactured.
...And 4 more matches
Extension Versioning, Update and Compatibility - Archive of obsolete content
axversion>2.0.0.*</em:maxversion> <em:updatelink>http://www.mysite.com/foobar2.5.xpi</em:updatelink> <em:updatehash>sha256:78fc1d2887eda35b4ad2e3a0b60120ca271ce6e64ad2e3a0b60120ca271ce6e6</em:updatehash> </rdf:description> </em:targetapplication> </rdf:description> </rdf:li> </rdf:seq> </em:updates> <!-- a signature is only necessary if your add-on includes an updatekey in its install.rdf.
... --> <em:signature>migtma0gcsqgsib3dqebbquaa4gbamo1o2gwsccth1gwymgscfanakpn40pjfowt ub2hvdg8+oxmcif8d/9evwm8eh/ixuxyzlmrzts3o5tv9eway5ubctqdf1wgtsgk jrgzow1fitkzi7w0//c8ekdmlatguegfns2iltd5p/0kh/hf1rpc1wuqeqkcd4+l bcvq13ad</em:signature> </rdf:description> </rdf:rdf> some people prefer this alternate format (note that much of the information has been trimmed from this example for brevity in order to show the basic structure): <?xml version="1.0" encoding="utf-8"?> <rdf:rdf xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <!-- this description resource includes all the update and compatibility information for a single add-on with the id foobar@developer.mozilla.or...
...the actual uri can be whatever you like --> <rdf:li resource="urn:mozilla:extension:foobar@developer.mozilla.org:2.2"/> <rdf:li resource="urn:mozilla:extension:foobar@developer.mozilla.org:2.5"/> </rdf:seq> </em:updates> <em:signature>migtma0gcsqgsib3dqebbquaa4gbamo1o2gwsccth1gwymgscfanakpn40pjfowt ub2hvdg8+oxmcif8d/9evwm8eh/ixuxyzlmrzts3o5tv9eway5ubctqdf1wgtsgk jrgzow1fitkzi7w0//c8ekdmlatguegfns2iltd5p/0kh/hf1rpc1wuqeqkcd4+l bcvq13ad</em:signature> </rdf:description> <!-- this represents the same description within the li from the previous example --> <rdf:descripti...
...And 3 more matches
NSS 3.21 release notes
nss 3.21 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_21_rtm/src/ security fixes in nss 3.21 bug 1158489 / cve-2015-7575 - prevent md5 downgrade in tls 1.2 signatures.
... in ssl.h ssl_getpreliminarychannelinfo - obtains information about a tls channel prior to the handshake being completed, for use with the callbacks that are invoked during the handshake ssl_signatureprefset - configures the enabled signature and hash algorithms for tls ssl_signatureprefget - retrieves the currently configured signature and hash algorithms ssl_signaturemaxcount - obtains the maximum number signature algorithms that can be configured with ssl_signatureprefset in utilpars.h nssutil_argparsemodulespecex - takes a module spec and breaks it into shared library str...
... ck_tls12_master_key_derive_params{_ptr} - parameters {or pointer} for ckm_tls12_master_key_derive ck_tls12_key_mat_params{_ptr} - parameters {or pointer} for ckm_tls12_key_and_mac_derive ck_tls_kdf_params{_ptr} - parameters {or pointer} for ckm_tls_kdf ck_tls_mac_params{_ptr} - parameters {or pointer} for ckm_tls_mac in sslt.h sslhashtype - identifies a hash function sslsignatureandhashalg - identifies a signature and hash function sslpreliminarychannelinfo - provides information about the session state prior to handshake completion new macros in nss.h nss_rsa_min_key_size - used with nss_optionset and nss_optionget to set or get the minimum rsa key size nss_dh_min_key_size - used with nss_optionset and nss_optionget to set or get the minimum dh key...
...And 3 more matches
FC_VerifyRecover
syntax ck_rv fc_verifyrecover( ck_session_handle hsession, ck_byte_ptr psignature, ck_ulong ussignaturelen, ck_byte_ptr pdata, ck_ulong_ptr pusdatalen ); parameters hsession [in] session handle.
... psignature [in] mechanism to be used for the signing operation.
... ussignaturelen [in] handle of the key to be used.
...And 3 more matches
generateCRMFRequest() - Archive of obsolete content
(this will have digitalsignature, keyencipherment, and nonrepudiation set for keyusage.) "rsa-sign" - generate an rsa key for signing only.
... (this will have digitalsignature set for keyusage.) "rsa-nonrepudiation" - generate a single rsa key for nonrepudiation only.
...(this will have both digitalsignature and nonrepudiation set for keyusage.) "dsa-sign" - generate a single dsa key for signing only.
...And 2 more matches
JSS Provider Notes
at runtime, the jre automatically verifies this signature whenever a jss class is loaded that implements a jce algorithm.
...if you are curious, you can verify the signature on the jar file using the jarsigner tool, which is distributed with the jdk.
... if you build jss yourself from source instead of using binaries downloaded from mozilla.org, your jar file will not have a valid signature.
...And 2 more matches
Mozilla-JSS JCA Provider notes
at runtime, the jre automatically verifies this signature whenever a jss class is loaded that implements a jce algorithm.
...if you are curious, you can verify the signature on the jar file using the jarsigner tool, which is distributed with the jdk.
... if you build jss yourself from source instead of using binaries downloaded from mozilla.org, your jar file will not have a valid signature.
...And 2 more matches
NSS_3.12_release_notes.html
ha224_hmac_general ckm_sha224_key_derivation ckm_camellia_key_gen ckm_camellia_ecb ckm_camellia_cbc ckm_camellia_mac ckm_camellia_mac_general ckm_camellia_cbc_pad ckm_camellia_ecb_encrypt_data ckm_camellia_cbc_encrypt_data ckg: mfgs ckg_mgf1_sha224 new error codes (see secerr.h): sec_error_not_initialized sec_error_token_not_logged_in sec_error_ocsp_responder_cert_invalid sec_error_ocsp_bad_signature sec_error_out_of_search_limits sec_error_invalid_policy_mapping sec_error_policy_validation_failed sec_error_unknown_aia_location_type sec_error_bad_http_response sec_error_bad_ldap_response sec_error_failed_to_encode_data sec_error_bad_info_access_location sec_error_libpkix_internal new mechanism flags (see secmod.h) public_mech_aes_flag public_mech_sha256_flag public_mech_sha512_flag public_...
...mech_camellia_flag new oids (see secoidt.h) new ec signature oids sec_oid_ansix962_ecdsa_signature_recommended_digest sec_oid_ansix962_ecdsa_signature_specified_digest sec_oid_ansix962_ecdsa_sha224_signature sec_oid_ansix962_ecdsa_sha256_signature sec_oid_ansix962_ecdsa_sha384_signature sec_oid_ansix962_ecdsa_sha512_signature more id-ce and id-pe oids from rfc 3280 sec_oid_x509_hold_instruction_code sec_oid_x509_delta_crl_indicator sec_oid_x509_issuing_distribution_point sec_oid_x509_cert_issuer sec_oid_x509_freshest_crl sec_oid_x509_inhibit_any_policy sec_oid_x509_subject_info_access camellia oids (rfc3657) sec_oid_camellia_128_cbc sec_oid_camellia_192_cbc sec_oid_camellia_256_cbc pkcs 5 v2 oids sec_oid_pkcs5_pbkdf2 sec_oid_pkcs5_pbes2 sec_oid_pkcs5_pbmac1 sec_oid_hmac_sha1 sec_oid_hmac_...
...sha224 sec_oid_hmac_sha256 sec_oid_hmac_sha384 sec_oid_hmac_sha512 sec_oid_pkix_timestamping sec_oid_pkix_ca_repository sec_oid_iso_sha1_with_rsa_signature changed oids (see secoidt.h) sec_oid_pkcs12_key_usage changed to sec_oid_bogus_key_usage sec_oid_ansix962_ecdsa_signature_with_sha1_digest changed to sec_oid_ansix962_ecdsa_sha1_signature note: sec_oid_ansix962_ecdsa_signature_with_sha1_digest is also kept for compatibility reasons.
...And 2 more matches
NSS API Guidelines
same level as ssl lib/crmf cmmf.h, crmf.h, crmft.h, cmmft.h, crmffut.h cryptohi provides high-level cryptographic support operations: such as signing, verifying signatures, key generation, key manipulation, hashing; and data types.
... callback functions, and functions used in function tables, should have a typedef used to define the complete signature of the given function.
...also, the signature of public destruction functions do not have the 'freeit' prbool, since the structures being freed are opaque.
...And 2 more matches
nss tech note3
certusageemailsigner ......... used to verify s/mime email signatures certusageemailrecipient ...... used to encrypt s/mime emails.
... certusageobjectsigner ........ used to verify signatures on files of executable code, e.g.
... there are 8 key usages: cert_sign crl_sign data_encipherment digital_signature govt_approved key_agreement key_encipherment non_repudiation there are 9 cert types: email email_ca object_signing object_signing_ca ssl_ca ssl_client ssl_server status_responder time_stamp for the cert being checked, the requirements are: cert usage required key usage required cert type -------------------- -------------------- ----------------------- sslclient: digital...
...And 2 more matches
Python binding for NSS
certificate() constructor signature changed from certificate(data=none, der_is_signed=true) to certificate(data, certdb=cert_get_default_certdb(), perm=false, nickname=none) this change was necessary because all certs should be added to the nss temporary database when they are loaded, but earlier code failed to do that.
... nss.set_ocsp_timeout nss.clear_ocsp_cache nss.set_ocsp_default_responder nss.enable_ocsp_default_responder nss.disable_ocsp_default_responder the following files were added: src/py_traceback.h doc/examples/verify_cert.py test/test_misc.py the following constants were added: nss.ku_digital_signature nss.ku_non_repudiation nss.ku_key_encipherment nss.ku_data_encipherment nss.ku_key_agreement nss.ku_key_cert_sign nss.ku_crl_sign nss.ku_encipher_only nss.ku_all nss.ku_digital_signature_or_non_repudiation nss.ku_key_agreement_or_encipherment nss.ku_ns_govt_approved nss.pk11certlistunique nss.pk11certlistus...
... doc/examples/cert_dump.py uses new algorithmid class to dump signature algorithm doc/examples/ssl_example.py now can cleanly shutdown nss.
...And 2 more matches
FC_SignFinal
syntax ck_rv fc_signfinal( ck_session_handle hsession, ck_byte_ptr psignature, ck_ulong_ptr pussignaturelen ); parameters hsession [in] session handle.
... psignature [out] pointer to the buffer which will receive the digest or null.
... pussignaturelen [in, out] pointer to location containing the maximum buffer size.
...And 2 more matches
FC_SignRecover
syntax ck_rv fc_signrecover( ck_session_handle hsession, ck_byte_ptr pdata, ck_ulong usdatalen, ck_byte_ptr psignature, ck_ulong_ptr pussignaturelen ); parameters hsession [in] session handle.
...psignature [out] pointer to the buffer or null.
... pussignaturelen [in, out] pointer to the size of the output buffer, replaced by the length of the signature if the operation is successful.
...And 2 more matches
FC_Verify
syntax ck_rv fc_verify( ck_session_handle hsession, ck_byte_ptr pdata, ck_ulong usdatalen, ck_byte_ptr psignature, ck_ulong ussignaturelen ); parameters hsession [in] session handle.
...psignature [in] pointer to the signature.
... ussignaturelen [in] length of the signature in bytes.
NSS functions
if you need to verify for multiple usages use cert_verifycertificatenow cert_verifyocspresponsesignature mxr 3.6 and later cert_verifysigneddata mxr 3.4 and later cert_verifysigneddatawithpublickey mxr 3.7 and later cert_verifysigneddatawithpublickeyinfo mxr 3.7 and later nss_cmpcertchainwcanames mxr 3.2 and later nss_findcertkeatype mxr 3.2 and later cryptography functions the public functions listed here per...
...k11_setpublickeynickname mxr 3.4 and later pk11_setslotpwvalues mxr 3.2 and later pk11_setsymkeynickname mxr 3.4 and later pk11_setsymkeyuserdata mxr 3.11 and later pk11_setwrapkey mxr 3.2 and later pk11_sign mxr 3.2 and later pk11_signaturelen mxr 3.2 and later pk11_symkeyfromhandle mxr 3.2 and later pk11_tokenexists mxr 3.2 and later pk11_tokenkeygen mxr 3.6 and later pk11_tokenkeygenwithflags mxr 3.10.2 and later pk11_tokenrefresh mxr 3.7.1 and later pk11_traversece...
...er seckey_ecparamstokeysize mxr 3.12 and later seckey_destroypublickeylist mxr 3.4 and later seckey_destroysubjectpublickeyinfo mxr 3.2 and later seckey_getpublickeytype mxr 3.3 and later seckey_publickeystrengthinbits mxr 3.8 and later seckey_signaturelen mxr 3.11.2 and later utility functions the public functions listed here perform initialization tasks and other services.
sslfnc.html
if the checksig parameter is set to pr_true, the callback function also verifies the digital signature.
... checksig pr_true means signatures are to be checked and the certificate chain is to be validated.
... syntax #include "ssl.h" secstatus ssl_authcertificate( void *arg, prfiledesc *fd, prbool checksig, prbool isserver); parameters this function has the following parameters: arg a pointer to the handle of the certificate database to be used in validating the certificate's signature.
Mozilla internal string guide
for example: /* signature: void handleunicodestring(const nsastring& str); */ object->handleunicodestring(ns_convertutf8toutf16(utf8string)); /* signature: void handleunicodebuffer(const char16_t* str); */ object->handleunicodebuffer(ns_convertutf8toutf16(utf8string).get()); ns_convertutf16toutf8(const nsastring&) - a nsautocstring which converts a 16-bit utf-16 string (nsastring) to a utf-8 encoded string.
... /* signature: void handleutf8string(const nsacstring& str); */ object->handleutf8string(ns_convertutf16toutf8(utf16string)); /* signature: void handleutf8buffer(const char* str); */ object->handleutf8buffer(ns_convertutf16toutf8(utf16string).get()); copyutf8toutf16(const nsacstring&, nsastring&) - converts and copies: // return a utf-16 value void foo::getunicodevalue(nsastring& result) { copyutf8toutf16(mlocalutf8value, result); } appendutf8toutf16(const nsacstring&, nsastring&) - converts and appends: // return a utf-16 value void foo::getunicodevalue(nsastring& result) { result.assignliteral("prefix:"); appendutf8toutf16(mlocalutf8value, result); } utf8tonewunicode(const nsacstring&, pruint32* autf16count = ns...
... // call init(const char16_t*) - bad signature, will need to do runtime length calculation inside init(l"start value"); // bad - l"..." is not portable!
Index - MDN Web Docs Glossary: Definitions of Web-related terms
cryptographic hash functions are used for authentication, digital signatures, and message authentication codes.
... 417 signature disambiguation, glossary the term signature can have several meanings depending on the context.
... it may refer to: 418 signature (functions) codingscripting, glossary, java, javascript a function signature (or type signature, or method signature) defines input and output of functions or methods.
... 419 signature (security) cryptography, glossary, privacy, security a signature, or digital signature, is a protocol showing that a message is authentic.
FC_VerifyFinal
syntax ck_rv fc_verifyfinal( ck_session_handle hsession, ck_byte_ptr psignature, ck_ulong ussignaturelen ); parameters hsession [in] session handle.
... psignature [in] pointer to the buffer which will receive the digest or null.
... ussignaturelen [in] length of the signature in bytes.
... description fc_verifyfinal finishes a multi-part signature verification operation.
sslcrt.html
validating certificates manipulating certificates getting certificate information comparing secitem objects validating certificates cert_verifycertnow cert_verifycertname cert_checkcertvalidtimes nss_cmpcertchainwcanames cert_verifycertnow checks that the current date is within the certificate's validity period and that the ca signature on the certificate is valid.
... checksig indicates whether certificate signatures are to be checked.
... pr_true means certificate signatures are to be checked.
... pr_false means certificate signatures will not be checked.
NSS Tools certutil
-e check a certificate's signature during the process of validating a certificate.
... -x use the certificate database tool to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate ca.
...se this example adds a certificate to the certificate database: certutil -a -n jsmith@netscape.com -t "p,p,p" -i mycert.crt -d certdir you can see this certificate in the database with this command: certutil -l -n jsmith@netscape.com -d certdir the certificate database tool displays output similar to the following: certificate: data: version: 3 (0x2) serial number: 0 (0x0) signature algorithm: pkcs #1 md5 with rsa encryption issuer: cn=john smith, o=netscape, l=mountain view, st=california, c=us validity: not before: thu mar 12 00:10:40 1998 not after: sat sep 12 00:10:40 1998 subject: cn=john smith, o=netscape, l=mountain view, st=california, c=us subject public key info: public key algorithm: pkcs #1 rsa encryption rsa public key: ...
... exponent: 65537 (0x10001) signature algorithm: pkcs #1 md5 with rsa encryption signature: ...
JS_GET_CLASS
this macro was removed in spidermonkey 1.8.8 when the signature of js_getclass() was changed to take only an object pointer.
... newer versions have removed the context argument, so that the same signature is used regardless whether or not the build is thread-safe.
...the js_get_class abstracted away signature differences in the js_getclass method in threadsafe and non-threadsafe builds.
... as of spidermonkey 1.8.8 it no longer exists, because js_getclass's signature is the same in all build environments.
SpiderMonkey 1.8.5
many jsapi types, functions, and callback signatures have changed, though most of them still have the same names and do the same things.
...all support for the slow native function type has been removed, and the fast signature has been renamed to jsnative.
... embeddings that defined jsnatives in previous versions must update all those functions to the new signature.
...strings js_comparestrings received a new function signature with bug 609440, allowing us to correctly propagate exceptions when the underlying functions to retrieve the characters in the string failed.
A Web PKI x509 certificate primer
in general, x509 certificates bind a signature to a validity period, a public key, a subject, an issuer, and a set of extensions.
...examples of key usages are: digitalsignature, keyencipherment, dataencipherment, keycertsign, and crlsign.
...an i do sec_error_bad_der a certificate is not properly encoded according to asn.1 (der) encoding re-generate the improperly-encoded certificate sec_error_ca_cert_invalid an end-entity certificate is being used to issue another certificate ensure that any certificate intended to issue certificates has a basic constraints extension with ca: true sec_error_bad_signature a signature on a certificate is improperly formatted or the certificate has been tampered with re-issue the certificate with the bad signature sec_error_cert_bad_access_location the ocsp uri in the authorityinformationaccess extension is improperly formed re-generate the certificate with a well-formed ocsp uri sec_error_cert_not_in_name_space a certificate has a c...
...ommon name or subject alternative name that is not in the namespace of an issuing certificate re-issue the certificate with names that are within the namespace of all certificates in the chain sec_error_cert_signature_algorithm_disabled a certificate has been signed with an obsolete algorithm re-sign the certificate using a modern algorithm sec_error_expired_certificate a certificate is too old to be used re-generate the certificate sec_error_extension_value_invalid a certificate has an extension with an empty value re-generate the certificate without the extension, or re-generate it with a non-empty value sec_error_inadequate_cert_type a certificate has an extended key usage extension that does not assert a required usage, or an end-entit...
nsIMsgIdentity
attachsignature boolean should we attach a signature by default?
... sigbottom boolean what should our signature be at the end of the quoted text when replying above it?
... signature nsilocalfile the file containing the current signature.
... signaturedate long escapedvcard astring dofcc boolean fccfolder astring fccfolderpickermode astring fccreplyfollowsparent boolean draftsfolderpickermode astring tmplfolderpickermode astring bccself boolean note: don't call bccself, bccothers, and bcclist directly, they are only used for migration and backward compatibility.
NSS 3.15.1 release notes
the hash function used in the signature for tls 1.2 client authentication must be the hash function of the tls 1.2 prf, which is always sha-256 in nss 3.15.1.
... in sslerr.h ssl_error_unsupported_hash_algorithm, ssl_error_digest_failure, ssl_error_incorrect_signature_algorithm - new error codes for tls 1.2.
... ssl_signature_algorithms_xtn - a new value in the sslextensiontype enum type.
NSS 3.16.2.1 release notes
bug 1064636 - (cve-2014-1568) rsa signature forgery in nss.
...this is a patch release to fix a bug that caused nss to accept forged rsa signatures.
... bugs fixed in nss 3.16.2.1 bug 1064636 - (cve-2014-1568) rsa signature forgery in nss acknowledgements the nss development team would like to thank antoine delignat-lavaud, security researcher at inria paris in team prosecco, and the advanced threat research team at intel security, who both independently discovered and reported this issue, for responsibly disclosing the issue by providing advance copies of their research.
NSS 3.16.5 release notes
bug 1064636 - (cve-2014-1568) rsa signature forgery in nss.
...this is a patch release to fix a bug that caused nss to accept forged rsa signatures.
... bugs fixed in nss 3.16.5 bug 1064636 - (cve-2014-1568) rsa signature forgery in nss acknowledgements the nss development team would like to thank antoine delignat-lavaud, security researcher at inria paris in team prosecco, and the advanced threat research team at intel security, who both independently discovered and reported this issue, for responsibly disclosing the issue by providing advance copies of their research.
NSS 3.17.1 release notes
bug 1064636 - (cve-2014-1568) rsa signature forgery in nss.
... new in nss 3.17.1 this patch release adds new functionality and fixes a bug that caused nss to accept forged rsa signatures.
... notable changes in nss 3.17.1 signature algorithms now use sha-256 instead of sha-1 by default.
NSS 3.25.1 release notes
notable changes in nss 3.25.1 md5 signature algorithms sent by the server in certificaterequest messages are now properly ignored.
... previously, with rare server configurations, an md5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after.
... bugs fixed in nss 3.25.1 the following bug has been fixed in nss 3.25.1: ignore md5 signature algorithms in certificate requests compatibility nss 3.25.1 shared libraries are backwards compatible with all older nss 3.x shared libraries.
NSS 3.26.2 release notes
notable changes in nss 3.26.2 md5 signature algorithms sent by the server in certificaterequest messages are now properly ignored.
... previously, with rare server configurations, an md5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after.
... bugs fixed in nss 3.26.2 the following bug has been fixed in nss 3.26.2: ignore md5 signature algorithms in certificate requests compatibility nss 3.26.2 shared libraries are backward compatible with all older nss 3.x shared libraries.
NSS 3.35 release notes
for the sslsignaturescheme enum, the enumerated values ssl_sig_rsa_pss_sha* are deprecated in response to a change in tls 1.3.
... note: in this release, support for new rsa_pss_pss_shax signature schemes has been disabled; end-entity certificates with rsa-pss keys will still be used to produce signatures, but they will use the rsa_pss_rsae_shax codepoints.
... the signatures of functions ssl_optionset, ssl_optionget, ssl_optionsetdefault and ssl_optiongetdefault have been modified, to take a printn argument rather than prbool.
NSS 3.39 release notes
nss 3.39 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_39_rtm/src/ new in nss 3.39 new functionality the tstclnt and selfserv utilities added support for configuring the enabled tls signature schemes using the -j parameter.
... support for these keys is disabled by default but can be enabled using ssl_signatureschemeprefset().
... previous versions of nss accepted an rsa pkcs#1 v1.5 signature where the digestinfo structure was missing the null parameter.
NSS 3.47 release notes
distrust certificates issued after a certain date for a specified root cert bug 1588557 - bad debug statement in tls13con.c bug 1579060 - mozilla::pkix tag definitions for issueruniqueid and subjectuniqueid shouldn't have the constructed bit set bug 1583068 - nss 3.47 should pick up fix from bug 1575821 (nspr 4.23) bug 1152625 - support aes hw acceleration on armv8 bug 1549225 - disable dsa signature schemes for tls 1.3 bug 1586947 - pk11_importandreturnprivatekey does not store nickname for ec keys bug 1586456 - unnecessary conditional in pki3hack, pk11load and stanpcertdb bug 1576307 - check mechanism param and param length before casting to mechanism-specific structs bug 1577953 - support longer (up to rfc maximum) hkdf outputs bug 1508776 - remove refcounting from sftk_freesession (c...
... bug 1542207 - limit policy check on signature algorithms to known algorithms bug 1560329 - drbg: add continuous self-test on entropy source bug 1579290 - asan builds should disable lsan while building bug 1385061 - build nspr tests with nss make; add gyp parameters to build/run nspr tests bug 1577359 - build atob and btoa for thunderbird bug 1579036 - confusing error when trying to export non-existent cert with pk12util bug 1578626 - [...
... bug 1578751 - ensure a consistent style for pk11_find_certs_unittest.cc bug 1570501 - add cmac to freebl and pkcs #11 libraries bug 657379 - nss uses the wrong oid for signaturealgorithm field of signerinfo in cms for dsa and ecdsa bug 1576664 - remove -mms-bitfields from mingw nss build.
FC_Sign
syntax ck_rv fc_sign( ck_session_handle hsession, ck_byte_ptr pdata, ck_ulong usdatalen, ck_byte_ptr psignature, ck_ulong_ptr pussignaturelen ); parameters hsession [in] session handle.
...psignature [out] pointer to location where recovered data is to be stored.
... pussignaturelen [in, out] pointer to the maximum size of the output buffer, replaced by the length of the signature if the operation is successful.
FC_SignUpdate
description fc_signupdate starts or continues a multi-part signature operation.
... one or more blocks may be part of the signature.
... the signature for the entire message is returned by a call to fc_signfinal.
NSS tools : certutil
-e check a certificate's signature during the process of validating a certificate.
... -x use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate ca.
...there are several available keywords: + digital signature + nonrepudiation + keyencipherment + dataencipherment + keyagreement + certsigning + crlsigning + critical -2 add a basic constraint extension to a certificate that is being created or added to a database.
NSS Tools crlutil
arguments -b bypass ca signature checks.
... -l algorithm-name specify a specific signature algorithm.
... crlutil -l -d certdir -n nickname crl info: : version: 2 (0x1) signature algorithm: pkcs #1 md5 with rsa encryption issuer: "cn=nss test ca,o=bogus nss,l=mountain view,st=california,c=us" this update: wed feb 23 12:08:38 2005 entry (1): serial number: 40 (0x28) revocation date: wed feb 23 12:08:10 2005 entry (2): serial number: 42 (0x2a) revocation date: wed feb 23 12:08:40 2005 deleting crl from a dat...
certutil
-e check a certificate's signature during the process of validating a certificate.
... -x use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate ca.
... there are several available keywords: o digital signature o nonrepudiation o keyencipherment o dataencipherment o keyagreement o certsigning o crlsigning o critical -2 add a basic constraint extension to a certificate that is being created or added to a database.
NS_OVERRIDE
if there is no base class method with the same signature, a compiler with static-checking enabled will fail to compile.
...example class a has a method getfoo() which is overridden by class b: class a { virtual nsresult getfoo(nsifoo** aresult); }; class b : public a { ns_override virtual nsresult getfoo(nsifoo** aresult); }; later, the signature of a::getfoo() is changed to remove the output parameter: class a { - virtual nsresult getfoo(nsifoo** aresult); + virtual already_addrefed<nsifoo> getfoo(); }; b::getfoo() no longer overrides a::getfoo() as was originally intended.
... a compiler with static-checking enabled will issue the following error: test.cpp:8: error: ns_override function b::getfoo(nsifoo**) does not override a base class method with the same name and signature.
Getting Started Guide
nscomptrs in function signatures in general, you won't want to use nscomptr in the signature of xpcom (i.e., `scriptable') functions.
...additionally, this signature may confuse callers into thinking they need an nscomptr just to call the function.
... void f( const nscomptr<t>& ) don't pass an nscomptr by const reference exactly as the signature above, this practice is wasteful, but not otherwise harmful, and has the same impact as passing an nscomptr by value if the caller only supplied a raw pointer.
Console messages - Firefox Developer Tools
this site makes use of a sha-1 certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than sha-1.
... the site uses a certificate whose signature uses the sha-1 hash algorithm.
...see the weak signature algorithm article for more details.
AuthenticatorAssertionResponse - Web APIs
authenticatorassertionresponse.authenticatordata secure context read only an arraybuffer containing information from the authenticator such as the relying party id hash (rpidhash), a signature counter, test of user presence and user verification flags, and any extensions processed by the authenticator.
... authenticatorassertionresponse.signature secure context read only an assertion signature over authenticatorassertionresponse.authenticatordata and authenticatorresponse.clientdatajson.
... the assertion signature is created with the private key of keypair that was created during the navigator.credentials.create() call and verified using the public key of that same keypair.
SubtleCrypto - Web APIs
subtlecrypto.sign() returns a promise that fulfills with the signature corresponding to the text, algorithm, and key given as parameters.
... subtlecrypto.verify() returns a promise that fulfills with a boolean value indicating if the signature given as a parameter matches the text, algorithm, and key that are also given as parameters.
...the subtlecrypto api provides the following cryptography functions: * sign() and verify(): create and verify digital signatures.
Web Authentication API - Web APIs
these include: verifying that the challenge is the same as the challenge that was sent ensuring that the origin was the origin expected validating that the signature over the clientdatahash and the attestation using the certificate chain for that specific model of the authenticator a complete list of validation steps can be found in the web authentication api specification.
... authenticator returns data to browser - the authenticator returns the authenticatordata and assertion signature back to the browser.
... server validates and finalizes authentication - upon receiving the result of the authentication request, the server performs validation of the response such as: using the public key that was stored during the registration request to validate the signature by the authenticator.
HTTP headers - HTTP
accept-signature a client can send the accept-signature header field to indicate intention to take advantage of any available signatures and to indicate what kinds of signatures it supports.
... signature the signature header field conveys a list of signatures for an exchange, each one accompanied by information about how to determine the authority of and refresh that signature.
... signed-headers the signed-headers header field identifies an ordered list of response header fields to include in a signature.
Getting Started (jpm) - Archive of obsolete content
after installation they'll show up disabled in the list of installed add-ons, noting the missing signature.
... during development, or if you don't plan to distribute, you can open about:config and set xpinstall.signatures.required to false to run it unsigned.
Migrating from Internal Linkage to Frozen Linkage - Archive of obsolete content
the frozen string api doesn't implement the left(), mid(), or right() signatures.
...all these functions are now available via the new string api - appendutf16toutf8(srcstring, deststring); + deststring.append(ns_convertutf16toutf8(srcstring)); the signatures of the find methods differ between the two apis.
Index - Archive of obsolete content
3741 digital signatures security, tutorial encryption and decryption address the problem of eavesdropping, one of the three internet security issues mentioned at the beginning of this document.
...for an overview of ssl, see "introduction to ssl." for an overview of encryption and decryption, see "encryption and decryption." information on digital signatures is available from "digital signatures." 3744 introduction to ssl ssl, security this document introduces the secure sockets layer (ssl) protocol.
Encryption and Decryption - Archive of obsolete content
nevertheless, private-key encryption is useful, because it means you can use your private key to sign data with your digital signature, an important requirement for electronic commerce and other commercial applications of cryptography.
..."digital signatures" describes how this confirmation process works.
Security - Archive of obsolete content
digital signatures encryption and decryption address the problem of eavesdropping, one of the three internet security issues mentioned at the beginning of this document.
...for an overview of ssl, see "introduction to ssl." for an overview of encryption and decryption, see "encryption and decryption." information on digital signatures is available from "digital signatures." introduction to ssl this document introduces the secure sockets layer (ssl) protocol.
Public-key cryptography - MDN Web Docs Glossary: Definitions of Web-related terms
when used for digital signatures, the private key is used to sign and the public key to verify.
... this means that anyone can verify a signature, but only the owner of the corresponding private key could have generated it.
MDN Web Docs Glossary: Definitions of Web-related terms
scroll container scrollport sctp sdp search engine second-level domain secure sockets layer (ssl) selector (css) self-executing anonymous function semantics seo serialization server server timing session hijacking sgml shadow tree shim signature signature (functions) signature (security) simd simple header simple response header sisd site site map sld sloppy mode slug smoke test smpte (society of motion picture and television engineers) smtp snap positions soap spa (single-page applicati...
... wrapper x xforms xhr (xmlhttprequest) xhtml xinclude xlink xml xpath xquery xslt other 404 502 alpn at-rule attack byte-order mark character set client cryptosystem debug digital signature execution flex-direction glsl interface library memory management routers self-executing anonymous function stylesheet vector image ...
JNI.jsm
afullyqualifiedname a sig of a typed array or the name of the class that would be used in a signature, but without the surrounding l and ;.
...the signature for this would be lorg.mozilla.gecko.geckoappshell; but we pass here without the l and ;.
XPCOMUtils.jsm
example for (var section in xpcomutils.iterstringenumerator(iniparser.getsections())) console.log(section); post-registration callback the post-registration callback called by generatemodule() should have the following signature: postregister( nsicomponentmanager compmgr, nsifile filespec, componentsarray ); parameters compmgr an nsicomponentmanager instance to use for managing the component.
... pre-unregistration callback the pre-unregistration callback passed to generatemodule() should have the following signature: preunregister( nsicomponentmanager compmgr, nsifile filespec, componentsarray ); parameters compmgr the nsicomponentmanager instance to use for managing the component.
Memory reporting
that said, note that for some classes these methods may be virtual.) mfbt/memoryreporting.h defines mozilla::mallocsizeof as follows: typedef size_t (*mallocsizeof)(const void* p); functions with this signature measure the size of p by asking the heap allocator how big it is (via moz_malloc_usable_size).
...it helps prevent accidentally having small differences in the function signatures (e.g.
Cryptography functions
k11_setpublickeynickname mxr 3.4 and later pk11_setslotpwvalues mxr 3.2 and later pk11_setsymkeynickname mxr 3.4 and later pk11_setsymkeyuserdata mxr 3.11 and later pk11_setwrapkey mxr 3.2 and later pk11_sign mxr 3.2 and later pk11_signaturelen mxr 3.2 and later pk11_symkeyfromhandle mxr 3.2 and later pk11_tokenexists mxr 3.2 and later pk11_tokenkeygen mxr 3.6 and later pk11_tokenkeygenwithflags mxr 3.10.2 and later pk11_tokenrefresh mxr 3.7.1 and later pk11_traversece...
...er seckey_ecparamstokeysize mxr 3.12 and later seckey_destroypublickeylist mxr 3.4 and later seckey_destroysubjectpublickeyinfo mxr 3.2 and later seckey_getpublickeytype mxr 3.3 and later seckey_publickeystrengthinbits mxr 3.8 and later seckey_signaturelen mxr 3.11.2 and later ...
NSS 3.14 release notes
ces (nss) 3.14, which is a minor release with the following new features: support for tls 1.1 (rfc 4346) experimental support for dtls 1.0 (rfc 4347) and dtls-srtp (rfc 5764) support for aes-ctr, aes-cts, and aes-gcm support for keying material exporters for tls (rfc 5705) in addition to the above new features, the following major changes have been introduced: support for certificate signatures using the md5 hash algorithm is now disabled by default.
... certificate signatures that make use of the md5 hash algorithm will now be rejected by default.
NSS 3.16 release notes
new functions in cms.h nss_cmssignerinfo_verify - verify the signature of a single signerinfo.
... it just verifies the signature, assuming that the certificate has been verified already.
NSS 3.34 release notes
rsa-pss signatures are now supported on certificates.
... certificates with rsa-pss or rsa-pkcs#1v1.5 keys can be used to create an rsa-pss signature on a certificate, using the --pss-sign argument to certutil.
NSS 3.55 release notes
bug 1649487 - move overzealous assertion in vfy_endwithsignature.
... bug 1646324 - advertise pkcs#1 schemes for certificates in the signature_algorithms extension.
nss tech note7
for example, if you just need to generate or verify a signature, you can use the sgn_ and vfy_ functions in cryptohi.h.
...for a low level signature, use pk11_sign().
FC_VerifyUpdate
description fc_verifyupdate starts or continues a multi-part signature verification operation where the signature is an appendix to the data.
... one or more blocks may be part of the signature.
FIPS mode of operation
fc_digestinit fc_digest fc_digestupdate fc_digestkey fc_digestfinal signature and mac generation functions these functions support dsa, rsa, ecdsa, and hmac.
... fc_signinit fc_sign fc_signupdate fc_signfinal fc_signrecoverinit fc_signrecover signature and mac verification functions these functions support dsa, rsa, ecdsa, and hmac.
NSS environment variables
before 3.0 nss_allow_weak_signature_alg boolean (any non-empty value to enable) enables the use of md2 and md4 inside signatures.
... 3.12.5 nss_hash_alg_support string specifies algorithms allowed to be used in certain applications, such as in signatures on certificates and crls.
NSS tools : crlutil
-b bypass ca signature checks.
... -l algorithm-name specify a specific signature algorithm.
NSS tools : crlutil
-b bypass ca signature checks.
... -l algorithm-name specify a specific signature algorithm.
SpiderMonkey 1.8.7
many jsapi types, functions, and callback signatures have changed, though most of them still have the same names and do the same things.
...strings js_comparestrings received a new function signature with bug 609440, allowing us to correctly propagate exceptions when the underlying functions to retrieve the characters in the string failed.
SpiderMonkey 24
many jsapi types, functions, and callback signatures have changed, though most of them still have the same names and do the same things.
... many of the garbage collector changes require type signature changes to jsapi methods: specifically introducing js::rooted, js::handle, and js::mutablehandle types.
SpiderMonkey 31
many jsapi types, functions, and callback signatures have changed, though most functions that have changed still have the same names and implement essentially unchanged functionality.
...here is a list of the most significant changes: many of the garbage collector changes require type signature changes to jsapi methods: specifically introducing js::rooted, js::handle, and js::mutablehandle types.
Web Replay
recording a recording content process differs from a normal content process in the following ways: calls to certain functions are intercepted by hooking them (rewriting the machine code at their entry points to call a different function with the same signature), including the function used to dispatch mach messages.
... calls to new library functions most non-deterministic behaviors in a recorded/replayed process are captured by redirecting the system library functions which the process calls into — rewriting their machine code so they invoke a record/replay specific function with the same signature, which records any results of the function and then replays those results later without actually invoking the underlying library function.
Index
536 nsidatasignatureverifier interfaces, interfaces:scriptable, xpcom, xpcom interface reference verifies that the data matches the data that was used to generate the signature.
...if there is no base class method with the same signature, a compiler with static-checking enabled will fail to compile.
nsILocalFileMac
constants constant value description current_process_creator 0x8000000 use with setfiletype() to specify the signature of current process.
...void inittoappwithcreatorcode( in ostype aappcreator ); parameters aappcreator the signature of the app.
xptcall FAQ
but the compiler builds frames customized at compile time for the specific signature of the callee.
... xptcall needs to be able to call any valid xpcom method signature and it needs to specify this at runtime.
Standard OS Libraries
if you go to getcursorpos page on msdn, it says first argument is of structure point, so lets create that structure, * the link here shows that that x and y are type long which is ctypes.long */ // https://msdn.microsoft.com/en-us/library/windows/desktop/dd162805%28v=vs.85%29.aspx var point = new ctypes.structtype("tagpoint", [ { "x": ctypes.long }, { "y": ctypes.long } ]); /* declare the signature of the function we are going to call */ var getcursorpos = lib.declare('getcursorpos', ctypes.winapi_abi, ctypes.bool, point.ptr ); /* use it like this */ var point = point(); var ret = getcursorpos(point.address()); components.utils.reporterror(ret); components.utils.reporterror(point); lib.close(); resources for winapi githubgists :: noitidart / search · winapi - winapi js-...
... resources for xcb github :: noitidart - ostypes / ostypes_x11.jsm - some method and type signatures xcb freedesktop :: xproto.h mac os x mac os x has two categories of c-based api (carbon, core foundation) and objective-c based api (cocoa).
AuthenticatorAssertionResponse.authenticatorData - Web APIs
the authenticatordata property of the authenticatorassertionresponse interface returns an arraybuffer containing information from the authenticator such as the relying party id hash (rpidhash), a signature counter, test of user presence, user verification flags, and any extensions processed by the authenticator.
... signcount (4 bytes) - a signature count from the authenticator.
AuthenticatorAttestationResponse.attestationObject - Web APIs
the attestationobject property of the authenticatorattestationresponse interface returns an arraybuffer containing the new public key, as well as signature over the entire attestationobject with a private key that is stored in the authenticator when it is manufactured.
...the public key that corresponds to the private key that has created the attestation signature is well known; however, there are various well known attestation public key chains for different ecosystems (for example, android or tpm attestations).
PublicKeyCredentialCreationOptions - Web APIs
this value will be signed by the authenticator and the signature will be sent back as part of authenticatorattestationresponse.attestationobject.
... publickeycredentialcreationoptions.pubkeycredparams an array of elements which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations.
PublicKeyCredentialRequestOptions.challenge - Web APIs
this value (among other client data) will be signed by the authenticator's private key and produce authenticatorassertionresponse.signature which should be sent back to the server as part of the response.
... note: when the credential is created with a navigator.credentials.create() call, the signature of the challenge is contained within authenticatorattestationresponse.attestationobject.
Attestation and Assertion - Web APIs
authenticatordata - data created and/or used by the authenticator signature - a signature over the clientdatajson and authenticatordata that can be verified with the public key that was created during registration.
... it's important to highlight that the signature for assertion uses a different key pair than attestation.
Promise() constructor - JavaScript
the signature of this function is expected to be: function(resolutionfunc, rejectionfunc){ // typically, some asynchronous operation.
... the signatures of these two functions are simple, they accept a single parameter of any type.
Web security
weak signature algorithms the strength of the hash algorithm used in signing a digital certificate is a critical element of the security of the certificate.
... this article provides some information about signature algorithms known to be weak, so you can avoid them when appropriate.
Custom about: URLs - Archive of obsolete content
services.io.newchannel was deprecated, and the signature of the newchannel method changed.
Install Manifests - Archive of obsolete content
</description> updatekey to ensure the security of update rdf data that is retrieved over plain http you must use a digital signature to verify the contents of the data.
Appendix C: Avoiding using eval in Add-ons - Archive of obsolete content
in real life such code is often far more complex) the code might break in the future, as certain assumptions might no longer be true, for example the function signature may change (auri from above becomes aurl) or the function is replaced by a short-hand/arrow function: function addtab(auri) tabbrowser.addtab(auri); var addtab = (auri) => tabbrowser.addtab(auri); same as with "passing functions/code as strings" above, patching a function with fragments of externally retrieved data will create security vulnerabilities.
Getting Started with Firefox Extensions - Archive of obsolete content
unsigned add-ons can still be installed in developer edition, nightly, and esr versions of firefox, after toggling the xpinstall.signatures.required preference in about:config.
Index of archived content - Archive of obsolete content
np_port np_shutdown samples and test cases shipping a plugin as a toolkit bundle supporting private browsing in plugins the first install problem writing a plugin for mac os x xembed extension for mozilla plugins sax security digital signatures encryption and decryption introduction to public-key cryptography introduction to ssl nspr release engineering guide ssl and tls solaris 10 build prerequisites sunbird theme tutorial table reflow internals tamarin tracing build documentation the basics of web services th...
MMgc - Archive of obsolete content
the signature of a missing write barrier is a black to white pointer that exists right before we sweep, after the sweep the pointer will point to deleted memory.
Gecko Coding Help Wanted - Archive of obsolete content
here are some fixes that are straightforward; they just need some time and attention: decomtamination convert weird, ugly and inefficient method signatures to more natural c++ method signatures.
JavaScript crypto - Archive of obsolete content
ertificate as part of the script, and checked against a pre-installed certificate copy in the local certificate database) the public keys, wrapped encryption private key, and text string from the script (possibly containing naming or enrollment info) are signed by the user signed blob is returned to the script script submits signed blob and any other necessary info to the ca/ra ca/ra verifies signature on signed blob ca/ra validates identity of user ca/ra sends wrapped encryption private key to kra kra sends escrow verification back to ca ca creates and signs certificates ca sends certificates back to the user (importusercertificates) typical use the ca's enrollment page could look something like this: <!doctype html> <h2>request a cert</h2> <form name="reqform" method="post" action="h...
Mozilla Application Framework in Detail - Archive of obsolete content
platform-independence (across over a dozen platforms) for non-gui operating system facilities with support for threads, thread synchronization, normal file and network i/o, interval timing and calendar time, basic memory management (malloc and free) and shared library linking; psm, a set of libraries that perform cryptographic operations including setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), other common pki functions, and s/mime support; an sql support that provides the ability to set up data sources, query a database, and retrieve results as javascript objects or rdf data sources; and an api for directory services via the lightweight directory access protocol (ldap).
Return Codes - Archive of obsolete content
chrome_registry_error -239 malformed_install -240 key_access_denied -241 access to the registry key has been denied key_does_not_exist -242 registry key does not exist value_does_not_exist -243 registry value does not exist invalid_signature -260 the signature used in the xpi is not valid invalid_hash -261 the hash used in the xpi is not valid invalid_hash_type -262 the hash used in the xpi is not of a valid type out_of_memory -299 insufficient memory for operation gestalt_unknown_error -5550 ge...
Deploying XULRunner - Archive of obsolete content
ing> <key>cfbundleiconfile</key> <string>app_icon.icns</string> <key>cfbundleidentifier</key> <string>net.yourcompany.yourapplication</string> <key>cfbundleinfodictionaryversion</key> <string>6.0</string> <key>cfbundlename</key> <string>applicationname</string> <key>cfbundlepackagetype</key> <string>appl</string> <key>cfbundleshortversionstring</key> <string>1.0</string> <key>cfbundlesignature</key> <string>????</string> <!--only useful if your app handle urls--> <key>cfbundleurltypes</key> <array> <dict> <key>cfbundleurliconfile</key> <string>app_icon.icns</string> <key>cfbundleurlname</key> <string>yourapp entity</string> <key>cfbundleurlschemes</key> <array> <string>chrome</string> </array> </dict> </array> <key>cfbundleversion</key> <strin...
2006-10-27 - Archive of obsolete content
she is hoping to incorporate it into firefox for use with signature files.
Cryptographic hash function - MDN Web Docs Glossary: Definitions of Web-related terms
cryptographic hash functions are used for authentication, digital signatures, and message authentication codes.
Getting started with React - Learn web development
when you are done, your code should look something like this: reactdom.render(<app subject="clarice" />, document.getelementbyid('root')); back in app.js, let's revisit the app function itself, which reads like this (with the return statement shortened for brevity): function app() { const subject = "react"; return ( // return statement ); } change the signature of the app function so that it accepts props as a parameter, and delete the subject const.
TypeScript support in Svelte - Learn web development
index signature is missing in type '() => void'.
mach
when these modules are loaded, mach looks for specific signatures to detect mach commands.
Error codes returned by Mozilla APIs
ns_error_factory_not_loaded (0x800401f8) ns_error_factory_exists (0xc1f30100) ns_error_factory_no_signature_support (0xc1f30101) ns_error_proxy_invalid_in_parameter (0x80010010) ns_error_proxy_invalid_out_parameter (0x80010011) ns_error_cannot_convert_data (0x80460001) ns_error_object_is_immutable (0x80460002) ns_error_loss_of_significant_data (0x80460003) ns_error_illegal_during_shutdown (0x8046001e) many operations cannot be performed once the application is being shutdown.
How to investigate Disconnect failures
from there use “signature” as summary for bugzilla bug.
Creating a New Protocol
the method signatures can be read from the generated pnewprotocolparent.h and pnewprotocolchild.h headers.
IPDL Tutorial
the c++ signature will accept a pprotocolparent* on one side and convert it to a pprotocolchild* on the other.
Webapps.jsm
aid, aoldapp, anewapp) _computefilehash: function(afilepath) _sendappliedevent: function(aapp) _openandreadpackage: function(azipfile, aoldapp, anewapp, aislocalfileinstall,) _openpackage: function(azipfile, aapp, aislocalfileinstall) _opensignedpackage: function(ainstallorigin, amanifesturl, azipfile, acertdb) _readpackage: function(aoldapp, anewapp, aislocalfileinstall, aisupdate,) _checksignature: function(aapp, aissigned, aislocalfileinstall) _saveetag: function(aisupdate, aoldapp, arequestchannel, ahash, amanifest) _checkorigin: function(aissigned, aoldapp, amanifest, aisupdate) _getids: function(aissigned, azipreader, aconverter, anewapp, aoldapp,) _checkforstoreidmatch: function(aisupdate, anewapp, astoreid, astoreversion) revertdownloadpackage: function(aid, aoldapp, anewapp, ai...
Memory Profiler
you may need to set the "xpinstall.signatures.required" pref to false in order to install it, since the xpi is not yet signed.
Crash reporting
reports and queries crash-stats has built-in reports of "topcrashes" for each release grouped by signature.
McCoy
the signing is rdf aware, which means that if you reorganized the xml in the file into a more human readable form but the rdf data remained the same then the signature would still be valid.
Memory Management Operations
memory allocation functions are: pr_malloc pr_calloc pr_realloc pr_free pr_malloc(), pr_calloc(), pr_realloc(), and pr_free() have the same signatures as their libc equivalents malloc(), calloc(), realloc(), and free(), and have the same semantics.
PRCallOnceFN
defines the signature of the function a client must implement.
Certificate functions
if you need to verify for multiple usages use cert_verifycertificatenow cert_verifyocspresponsesignature mxr 3.6 and later cert_verifysigneddata mxr 3.4 and later cert_verifysigneddatawithpublickey mxr 3.7 and later cert_verifysigneddatawithpublickeyinfo mxr 3.7 and later nss_cmpcertchainwcanames mxr 3.2 and later nss_findcertkeatype mxr 3.2 and later ...
NSS 3.14.3 release notes
however, unlike pk11_sign, which uses a seckeyprivatekey, pk11_signwithsymkey performs the signature using a symmetric key, such as commonly used for generating macs.
NSS 3.15.2 release notes
new pkcs #11 mechanisms no new pkcs#11 mechanisms have been introduced notable changes in nss 3.15.2 bug 880543 - support for aes-gcm ciphersuites that use the sha-256 prf bug 663313 - md2, md4, and md5 signatures are no longer accepted for ocsp or crls, consistent with their handling for general certificate signatures.
NSS 3.15.4 release notes
support sha-1 signatures with tls 1.2 client authentication.
NSS 3.15 release notes
in secpkcs7.h sec_pkcs7verifydetachedsignatureattime - verifies a pkcs#7 signature at a specific time other than the present time.
NSS 3.19.2.2 release notes
nss 3.19.2.2 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_19_2_2_rtm/src/ security fixes in nss 3.19.2.2 bug 1158489 / cve-2015-7575 - prevent md5 downgrade in tls 1.2 signatures.
NSS 3.19 release notes
in tls 1.2 handshakes, nss advertises support for the sha512 hash algorithm in order to be compatible with tls servers that use certificates with a sha512 signature (bug 1155922).
NSS 3.20.2 release notes
nss 3.20.2 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_20_2_rtm/src/ security fixes in nss 3.20.2 bug 1158489 / cve-2015-7575 - prevent md5 downgrade in tls 1.2 signatures.
NSS 3.22 release notes
nss 3.22 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_22_rtm/src/ new in nss 3.22 new functionality rsa-pss signatures are now supported (bug 1215295) new functions pk11_signwithmechanism() and pk11_signwithmechanism() are provided to allow rsa keys to be used with pss.
NSS 3.24 release notes
also, partial support for rsa probabilistic signature scheme (rsa-pss) certificates has been added.
NSS 3.25 release notes
removed the limitation that allowed nss to only support certificate_verify messages that used the same signature hash algorithm as the prf when using tls 1.2 client authentication.
NSS 3.27 release notes
added support for rsa-pss signatures in tls 1.2 and tls 1.3 new functions in ssl.h ssl_namedgroupconfig notable changes in nss 3.27 update 2016-10-02: the maximum tls version supported has been increased to tls 1.3 (draft).
NSS 3.28.2 release notes
bugs fixed in nss 3.28.2 bug 1334114 - nss 3.28 regression in signature scheme flexibility, causes connectivity issue between ios 8 clients and nss servers with ecdsa certificates bug 1330612 - x25519 is the default curve for ecdhe in nss bug 1323150 - crash [@ readdbentry ] compatibility nss 3.28.2 shared libraries are backward compatible with all older nss 3.x shared libraries.
NSS 3.29 release notes
nss 3.29 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_29_rtm/src/ notable changes in nss 3.29 fixed a nss 3.28 regression in the signature scheme flexibility that causes connectivity issues between ios 8 clients and nss servers with ecdsa certificates (bug1334114).
NSS 3.30 release notes
rsa-pss signatures produced by key pairs with a modulus bit length that is not a multiple of 8 are now supported.
NSS 3.41 release notes
print: 56c77128d98c18d91b4cfdffbc25ee9103d4758ea2abad826a90f3457d460eb4 cn = opentrust root ca g2 sha-256 fingerprint: 27995829fe6a7515c1bfe848f9c4761db16c225929257bf40d0894f29ea8baf2 cn = opentrust root ca g3 sha-256 fingerprint: b7c36231706e81078c367cb896198f1e3208dd926949dd8f5709a410f75b6292 bugs fixed in nss 3.41 bug 1412829, reject empty supported_signature_algorithms in certificate request in tls 1.2 bug 1485864 - cache side-channel variant of the bleichenbacher attack (cve-2018-12404) bug 1481271 - resend the same ticket in clienthello after helloretryrequest bug 1493769 - set session_id for external resumption tokens bug 1507179 - reject ccs after handshake is complete in tls 1.3 this bugzilla query returns all the bugs fi...
NSS 3.44 release notes
3545 - allow to build nss as a static library 1487597 - early data that arrives before the handshake completes can be read afterwards 1548398 - freebl_gtest not building on linux/mac 1548722 - fix some coverity warnings 1540652 - softoken/sdb.c: logically dead code 1549413 - android log lib is not included in build 1537927 - ipsec usage is too restrictive for existing deployments 1549608 - signature fails with dbm disabled 1549848 - allow building nss for ios using gyp 1549847 - nss's sqlite compilation warnings make the build fail on ios 1550041 - freebl not building on ios simulator 1542950 - macos cipher test timeouts this bugzilla query returns all the bugs fixed in nss 3.44: https://bugzilla.mozilla.org/buglist.cgi?resolution=fixed&classification=components&query_format=advanced&...
NSS Config Options
xport dhe-rsa dhe-dss dh-rsa dh-dss ecdhe-ecdsa ecdhe-rsa ecdh-ecdsa ecdh-rsa restrictions for asymmetric keys (integers) rsa-min dh-min dsa-min constraints on ssl protocols versions (integers) tls-version-min tls-version-max constraints on dtls protocols versions (integers) dtls-version-min dtls-version-max policy flags for algorithms ssl ssl-key-exchange key-exchange cert-signature signature all none ...
Enc Dec MAC Output Public Key as CSR
ertificaterequestattributes(cr); /* der encode the request */ encoding = sec_asn1encodeitem(arena, null, cr, sec_asn1_get(cert_certificaterequesttemplate)); if (encoding == null) { pr_fprintf(pr_stderr, "der encoding of request failed\n"); rv = secfailure; goto cleanup; } /* sign the request */ signalgtag = sec_getsignaturealgorithmoidtag(keytype, hashalgtag); if (signalgtag == sec_oid_unknown) { pr_fprintf(pr_stderr, "unknown key or hash type\n"); rv = secfailure; goto cleanup; } rv = sec_dersigndata(arena, &result, encoding->data, encoding->len, privk, signalgtag); if (rv) { pr_fprintf(pr_stderr, "signing of data failed\n"); rv = secf...
nss tech note5
sign & verify data seckeyprivatekey *pvtkey; secitem signature; secitem data; secstatus s = pk11_sign(pvtkey, &signature, &data); seckeypublickey *pubkey; secstatus s = pk11_verify(pubkey, &signature, &data, null); misc useful functions get the best wrapping mechanism supported by a slot ck_mechanism_type mech = pk11_getbestwrapmechanism(pk11slotinfo *slot); get the best slot for a certain mechanism pk11slotinfo* slot ...
Overview of NSS
rsa standard that governs the application of cryptography to data, for example digital signatures and digital envelopes.
PKCS 7 functions
later sec_pkcs7getsigneremailaddress mxr 3.4 and later sec_pkcs7getsigningtime mxr 3.4 and later sec_pkcs7includecertchain mxr 3.2 and later sec_pkcs7iscontentempty mxr 3.2 and later sec_pkcs7setcontent mxr 3.4 and later sec_pkcs7verifydetachedsignature mxr 3.4 and later sec_pkcs7verifysignature mxr 3.2 and later secmime_decryptionallowed mxr 3.4 and later ...
FC_DecryptVerifyUpdate
description fc_decryptverifyupdate continues a multi-part decryption and signature verification operation.
FC_SignEncryptUpdate
description fc_signencryptupdate continues a multi-part signature and encryption operation.
FC_SignInit
description fc_signinit initializes a signature operation.
FC_SignRecoverInit
description fc_signrecoverinit initializes a signature operation where the (digest) data can be recovered from the signature.
FC_VerifyInit
description fc_verifyinit initializes a verification operation where the signature is an appendix to the data.
FC_VerifyRecoverInit
description fc_verifyrecoverinit initializes a signature verification operation where the (digest) data can be recovered from the signature.
NSS tools : modutil
o with the -jar command, signatures on the jar file are not checked.
NSS tools : pk12util
id encryption algorithm: pkcs #12 v2 pbe with sha-1 and 3key triple des-cbc parameters: salt: 45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f iteration count: 1 (0x1) certificate: data: version: 3 (0x2) serial number: 13 (0xd) signature algorithm: pkcs #1 sha-1 with rsa encryption issuer: "e=personal-freemail@thawte.com,cn=thawte personal freemail c a,ou=certification services division,o=thawte consulting,l=cape t own,st=western cape,c=za" alternatively, the -r prints the certificates and then exports them into separate der binary files.
NSS reference
te cert_destroycertificate sec_deletepermcertificate __cert_closepermcertdb getting certificate information cert_findcertbyname cert_getcertnicknames cert_freenicknames cert_getdefaultcertdb nss_findcertkeatype comparing secitem objects secitem_compareitem key functions key functions seckey_getdefaultkeydb seckey_destroyprivatekey digital signatures this api consists of the routines used to perform signature generation and the routines used to perform signature verification.
NSS Tools
source, documentation, signver 1.1 verify signatures on digitally-signed objects.
Utility functions
efrombuf mxr 3.2 and later sec_asn1encoderstart mxr 3.2 and later sec_asn1encoderupdate mxr 3.2 and later sec_asn1encodeunsignedinteger mxr 3.11.1 and later sec_asn1lengthlength mxr 3.2 and later sec_dupcrl mxr 3.9 and later sec_getsignaturealgorithmoidtag mxr 3.10 and later sec_getregisteredhttpclient mxr 3.12 and later sec_pkcs5getcryptoalgorithm mxr 3.2 and later sec_pkcs5getkeylength mxr 3.2 and later sec_pkcs5getpbealgorithm mxr 3.2 and later sec_pkcs5isalgorithmpbealg mxr 3.2 an...
NSS Tools modutil
with the -jar command, signatures on the jar file will not be checked.
NSS tools : pk12util
id encryption algorithm: pkcs #12 v2 pbe with sha-1 and 3key triple des-cbc parameters: salt: 45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f iteration count: 1 (0x1) certificate: data: version: 3 (0x2) serial number: 13 (0xd) signature algorithm: pkcs #1 sha-1 with rsa encryption issuer: "e=personal-freemail@thawte.com,cn=thawte personal freemail c a,ou=certification services division,o=thawte consulting,l=cape t own,st=western cape,c=za" ....
Personal Security Manager (PSM)
these operations include setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), and other common pki functions.
Scripting Java
here is the simplified runnable example: js> t = java.lang.thread(function () { print("\nrunning"); }); thread[thread-0,5,main] js> t.start() js> running rhino also allows use of javascript functions as implementations of java interfaces with more than one method if all the methods have the same signature.
GC Rooting Guide
the simplest approach is to use js::persistentrooted (usable on anything with a trace method with the appropriate signature): js::persistentrooted<myowningstruct> immortalstruct; but note that js::persistentrooted in a struct or class is a rather dangerous thing to use -- it will keep a gc thing alive, and most gc things end up keeping their global alive, so if your class/struct is reachable in any way from that global, then nothing will ever be cleaned up by the gc.
JSAPI User Guide
js_destroycontext(cx); js_destroyruntime(rt); js_shutdown(); return status; } each jsnative has the same signature, regardless of what arguments it expects to receive from javascript.
JS::CallArgs
then, when an eventual release making that change occurs, porting efforts will require changing methods' signatures but won't require invasive changes to the methods' implementations, potentially under time pressure.
JSClass.flags
jsclass_mark_is_trace obsolete since jsapi 5 indicates that the mark hook implements the new jstraceop signature instead of the old jsmarkop signature.
JS_GetClass
newer versions have removed the context argument, so that the same signature is used regardless whether or not the build is thread-safe.
JS_Init
in the past js_init once had the signature jsruntime * js_init(uint32_t maxbytes) and was used to create new jsruntime instances.
SpiderMonkey 1.8.8
many jsapi types, functions, and callback signatures have changed, though most of them still have the same names and do the same things.
SpiderMonkey 1.8
native functions may implement the new callback signature jsfastnative instead of jsnative.
SpiderMonkey 17
many jsapi types, functions, and callback signatures have changed, though most of them still have the same names and do the same things.
SpiderMonkey 38
many jsapi types, functions, and callback signatures have changed, though most functions that have changed still have the same names and implement essentially unchanged functionality.
SpiderMonkey 45
many jsapi types, functions, and callback signatures have changed, though most functions that have changed retain their previous names and provide relatively unchanged functionality.
Mozilla Projects
these operations include setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), and other common pki functions.
Places Developer Guide
the api signature and context usually make clear which is required.
Creating a Python XPCOM component
# _reg_clsid_ = "{a new clsid generated for this object}" # _reg_contractid_ = "the.object.name" def get_value( self ): # result: string pass def set_value( self, param0 ): # result: void - none # in: param0: string pass as you can see, the output is valid python code, with basic signatures and useful comments for each of the methods.
Finishing the Component
this works fine in any gecko installation where a contract guarantees that the interface that was compiled against has the same signature.
Starting WebLock
there are times, of course, when you cannot use these macros-as when two interfaces share the same method signatures.
Introduction to XPCOM for the DOM
indeed, if someone decides to change the name or the signature of the methods you use, you will have to change all the calls to those methods throughout your code.
nsresult
as a result, it was possible for code to misuse it, such as returning an nsresult value from a function whose signature indicates it returns a boolean.
XPCOM glue classes
if there is no base class method with the same signature, a compiler with static-checking enabled will fail to compile.ns_postconditionmacrons_preconditionmacronsacstringthe nsacstring abstract class represents a character string composed of single-byte storage units.
nsICryptoHMAC
netwerk/base/public/nsicryptohmac.idlscriptable this interface provides hmac signature algorithms.
nsIProcess
processsignature unsigned long the process signature.
nsIXPCException
the call signature of the constructor is: components.exception(message, result, stack, data, inner) all parameters are optional and the appropriate placeholder is 'unknown'.
XPCOM Interface Reference
e2nsidomstorageeventobsoletensidomstorageitemnsidomstoragelistnsidomstoragemanagernsidomstoragewindownsidomuserdatahandlernsidomwindownsidomwindow2nsidomwindowinternalnsidomwindowutilsnsidomxpathevaluatornsidomxpathexceptionnsidomxpathexpressionnsidomxpathresultnsidomxulcontrolelementnsidomxulelementnsidomxullabeledcontrolelementnsidomxulselectcontrolelementnsidomxulselectcontrolitemelementnsidatasignatureverifiernsidebugnsidebug2nsidevicemotionnsidevicemotiondatansidevicemotionlistenernsidialogcreatornsidialogparamblocknsidictionarynsidirindexnsidirindexlistenernsidirindexparsernsidirectoryenumeratornsidirectoryiteratornsidirectoryservicensidirectoryserviceprovidernsidirectoryserviceprovider2nsidiskcachestreaminternalnsidispatchsupportnsidocshellnsidocumentloadernsidownloadnsidownloadhistorynsidow...
Storage
both of these methods have similar signatures that accept an object as input that receives notifications about the execution of the statement(s).
Status, Recent Changes, and Plans
added an entire section to the getting started guide on nscomptrs in function signatures added references to recent bugs influencing the use of nscomptr machinery: bug 59212, and bug 59414 fixed comparisons 1 and 3, as per comments by morten welinder updated examples to prefer direct initialization over copy initialization.
XPIDL
common changes to an interface, such as changes to a method signature, number of arguments, and number or type of attributes, automatically require an iid change.
Using the Multiple Accounts API
preference: mail.identity.identity.attach_signature - boolean, should we attach the signature?
Using Objective-C from js-ctypes
k-abi-apple.html var block_literal_1 = ctypes.structtype('block_literal_1', [ { isa: ctypes.voidptr_t }, { flags: ctypes.int32_t }, { reserved: ctypes.int32_t }, { invoke: ctypes.voidptr_t }, { descriptor: block_descriptor_1.ptr } ]); var block_const = { block_has_copy_dispose: 1 << 25, block_has_ctor: 1 << 26, block_is_global: 1 << 28, block_has_stret: 1 << 29, block_has_signature: 1 << 30 }; // based on work from here: https://github.com/trueinteractions/tint2/blob/f6ce18b16ada165b98b07869314dad1d7bee0252/modules/bridge/core.js#l370-l394 var bl = block_literal_1(); // set the class of the instance bl.isa = _nsconcreteglobalblock; // global flags bl.flags = block_const.block_has_stret; bl.reserved = 0; bl.invoke = afunctypeptr; // create descriptor var desc ...
Using js-ctypes
components.utils.import("resource://gre/modules/ctypes.jsm"); var lib = ctypes.open("c:\\windows\\system32\\user32.dll"); /* declare the signature of the function we are going to call */ var msgbox = lib.declare("messageboxw", ctypes.winapi_abi, ctypes.int32_t, ctypes.int32_t, ctypes.jschar.ptr, ctypes.jschar.ptr, ctypes.int32_t); var mb_ok = 0; var ret = msgbox(0, "hello world", "title", mb_...
PKCS #11 Netscape Trust Objects - Network Security Services
cka_trust_digital_signature ck_trust level of trust for digital signature key usage purpose.
CryptoKey - Web APIs
"verify": the key may be used to verify signatures.
CryptoKeyPair - Web APIs
for signing and verification algorithms it is used to verify signatures.
Document.open() - Web APIs
this call, for example opens github.com in a new window, with its opener set to null: document.open('https://www.github.com','', 'noopener=true') two-argument document.open() browsers used to support a two-argument document.open(), with the following signature: document.open(type, replace) where type specified the mime type of the data you are writing (e.g.
Using IndexedDB - Web APIs
other and older implementations don't implement the current version of the spec, and thus do not support the indexeddb.open(name, version).onupgradeneeded signature yet.
Navigator.msLaunchUri() - Web APIs
successcallbackoptional a function matching the signature of mslaunchuricallback to be executed if the protocol handler is present.
PublicKeyCredentialCreationOptions.challenge - Web APIs
note: when the credential is retrieved with a navigator.credentials.get() call, the signature of the challenge is contained in authenticatorassertionresponse.signature.
PublicKeyCredentialCreationOptions.pubKeyCredParams - Web APIs
these objects define the type of public-key and the algorithm used for cryptographic signature operations.
PublicKeyCredentialRequestOptions.extensions - Web APIs
the client outputs the hash of the content which was displayed (hashing with the same algorithm which is used for the signature).
PublicKeyCredentialRequestOptions - Web APIs
this value will be signed by the authenticator and the signature will be sent back as part of authenticatorassertionresponse.signature.
PushManager.permissionState() - Web APIs
this value is part of a signing key pair generated by your application server and usable with elliptic curve digital signature (ecdsa) over the p-256 curve.
PushSubscription.options - Web APIs
this value is part of a signing key pair generated by your application server, and usable with elliptic curve digital signature (ecdsa), over the p-256 curve.
RTCPeerConnection.setLocalDescription() - Web APIs
errorcallback a function matching the signature rtcpeerconnectionerrorcallback which gets called if the description can't be set.
SubtleCrypto.deriveKey() - Web APIs
verify: the key may be used to verify signatures.
SubtleCrypto.generateKey() - Web APIs
verify: the key may be used to verify signatures.
SubtleCrypto.importKey() - Web APIs
verify: the key may be used to verify signatures.
SubtleCrypto.unwrapKey() - Web APIs
verify: the key may be used to verify signatures.
How to check the security state of an XMLHTTPRequest over SSL - Web APIs
20: // sec_error_untrusted_issuer, sec(20) case 21: // sec_error_untrusted_cert, sec(21) case 36: // sec_error_ca_cert_invalid, sec(36) errname = 'securityuntrustedcertificateissuererror'; break; case 90: // sec_error_inadequate_key_usage, sec(90) errname = 'securityinadequatekeyusageerror'; break; case 176: // sec_error_cert_signature_algorithm_disabled, sec(176) errname = 'securitycertificatesignaturealgorithmdisablederror'; break; default: errname = 'securityerror'; break; } } else { // calculating the difference let sslerr = math.abs(nsinsserrorsservice.nss_ssl_error_base) - (status & 0xffff); switch (sslerr) { case 3: // ssl_error_no_certifi...
Synchronous and asynchronous requests - Web APIs
*/) { var xhr = new xmlhttprequest(); xhr.callback = callback; xhr.arguments = array.prototype.slice.call(arguments, 2); xhr.onload = xhrsuccess; xhr.onerror = xhrerror; xhr.open("get", url, true); xhr.send(null); } usage: function showmessage(message) { console.log(message + this.responsetext); } loadfile("message.txt", showmessage, "new message!\n\n"); the signature of the utility function loadfile declares (i) a target url to read (via an http get request), (ii) a function to execute on successful completion of the xhr operation, and (iii) an arbitrary list of additional arguments that are passed through the xhr object (via the arguments property) to the success callback function.
<keygen> - HTML: Hypertext Markup Language
publickeyandchallenge ::= sequence { spki subjectpublickeyinfo, challenge ia5string } signedpublickeyandchallenge ::= sequence { publickeyandchallenge publickeyandchallenge, signaturealgorithm algorithmidentifier, signature bit string } the public key and challenge string are der encoded as publickeyandchallenge, and then digitally signed with the private key to produce a signedpublickeyandchallenge.
HTTP authentication - HTTP
bearer see rfc 6750, bearer tokens to access oauth 2.0-protected resources digest see rfc 7616, only md5 hashing is supported in firefox, see bug 472823 for sha encryption support hoba see rfc 7486, section 3, http origin-bound authentication, digital-signature-based mutual see rfc 8120 aws4-hmac-sha256 see aws docs basic authentication scheme the "basic" http authentication scheme is defined in rfc 7617, which transmits credentials as user id/password pairs, encoded using base64.
Index - HTTP
107 trailer http, reference, header the trailer response header allows the sender to include additional fields at the end of chunked messages in order to supply metadata that might be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing status.
Trailer - HTTP
the trailer response header allows the sender to include additional fields at the end of chunked messages in order to supply metadata that might be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing status.
HTTP Index - HTTP
188 trailer http, reference, header the trailer response header allows the sender to include additional fields at the end of chunked messages in order to supply metadata that might be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing status.
Promise - JavaScript
the signatures of these two functions are simple, they accept a single parameter of any type.
Destructuring assignment - JavaScript
setting a function parameter's default value function drawchart({size = 'big', coords = {x: 0, y: 0}, radius = 25} = {}) { console.log(size, coords, radius); // do some chart drawing } drawchart({ coords: {x: 18, y: 30}, radius: 30 }); in the function signature for drawchart above, the destructured left-hand side is assigned to an empty object literal on the right-hand side: {size = 'big', coords = {x: 0, y: 0}, radius = 25} = {}.
Transport Layer Security - Web security
numerous mechanisms have been disabled: renegotiation, generic data compression, digital signature algorithm (dsa) certificates, static rsa key exchange, and key exchange with custom diffie-hellman (dh) groups.
Exported WebAssembly functions - WebAssembly
some other particulars to be aware of with exported webassembly functions: their length property is the number of declared arguments in the wasm function signature.
Compiling from Rust to WebAssembly - WebAssembly
the third line is a function signature, written in rust.