NSS reference

Initial Notes

  • We are migrating the OLD SSL Reference into the format described in the MDN Style Guide. If you are inclined to help with this migration, your help would be very much appreciated.

  • The proposed chapters below are based on the chapters of the OLD SSL Reference and the categories of functions in NSS functions.

  • Should a particular page require the use of an underscore, please see the documentation for the Title Override Extension.

Building and installing NSS

Overview of an NSS application

Based on sslintro in the SSL Reference.

Getting started with NSS

Based on gtstd in the SSL Reference.

Data types

Based on ssltyp in the SSL Reference.

NSS initialization and shutdown

  • NSS_Init

  • NSS_InitReadWrite

  • NSS_NoDB_Init

  • NSS_Initialize

  • NSS_Shutdown

Utility functions

Based on Utility functions in NSS Public Functions.

Certificate functions

Based on sslcrt in the SSL Reference and Certificate functions in NSS Public Functions.

  • Validating certificates

    • CERT_VerifyCertNow

    • CERT_VerifyCert

    • CERT_VerifyCertName

    • CERT_CheckCertValidTimes

    • NSS_CmpCertChainWCANames

  • Manipulating certificates

    • CERT_DupCertificate

    • CERT_DestroyCertificate

    • SEC_DeletePermCertificate

    • __CERT_ClosePermCertDB

  • Getting certificate information

    • CERT_FindCertByName

    • CERT_GetCertNicknames

    • CERT_FreeNicknames

    • CERT_GetDefaultCertDB

    • NSS_FindCertKEAType

  • Comparing SecItem objects

    • SECITEM_CompareItem

Key functions

NSS Key Functions

  • SECKEY_GetDefaultKeyDB

  • SECKEY_DestroyPrivateKey

Digital signatures

This API consists of the routines used to perform signature generation and the routines used to perform signature verification.

Encryption/decryption

Hashing

Key generation

Generate keys, key pairs, and domain parameters.

Random number generation

This API consists of the two routines used for pseudorandom number generation – PK11_GenerateRandomOnSlot and PK11_GenerateRandom – and the two routines used for seeding pseudorandom number generation – PK11_SeedRandom and PK11_RandomUpdate.

PKCS #11 functions

Based on pkfnc in the SSL Reference and Cryptography functions in NSS Public Functions.

  • SECMOD_LoadUserModule

  • SECMOD_UnloadUserModule

  • SECMOD_CloseUserDB

  • SECMOD_OpenUserDB

  • PK11_FindCertFromNickname

  • PK11_FindKeyByAnyCert

  • PK11_GetSlotName

  • PK11_GetTokenName

  • PK11_IsHW

  • PK11_IsPresent

  • PK11_IsReadOnly

  • PK11_SetPasswordFunc

SSL Functions

Based on sslfnc in the SSL Reference and SSL functions and Deprecated SSL functions in NSS Public Functions.

  • SSL_ConfigServerSessionIDCache

  • SSL_ClearSessionCache

S/MIME

Based on the S/MIME Reference (which only has one written chapter) and S/MIME functions in NSS Public Functions.

PKCS #7 functions

PKCS #5 functions

Password-based encryption

  • SEC_PKCS5GetIV

  • SEC_PKCS5CreateAlgorithmID

  • SEC_PKCS5GetCryptoAlgorithm

  • SEC_PKCS5GetKeyLength

  • SEC_PKCS5GetPBEAlgorithm

  • SEC_PKCS5IsAlgorithmPBEAlg

PKCS #12 functions

Based on “Archived PKCS #12 Functions documentation.” Used to exchange data such as private keys and certificates between two parties.

  • SEC_PKCS12CreateExportContext

  • SEC_PKCS12CreatePasswordPrivSafe

  • SEC_PKCS12CreateUnencryptedSafe

  • SEC_PKCS12AddCertAndKey

  • SEC_PKCS12AddPasswordIntegrity

  • SEC_PKCS12EnableCipher

  • SEC_PKCS12Encode

  • SEC_PKCS12DestroyExportContext

  • SEC_PKCS12DecoderStart

  • SEC_PKCS12DecoderImportBags

  • SEC_PKCS12DecoderUpdate

  • SEC_PKCS12DecoderFinish

  • SEC_PKCS12DecoderValidateBags

  • SEC_PKCS12DecoderVerify

  • SEC_PKCS12DecoderGetCerts

  • SEC_PKCS12DecoderSetTargetTokenCAs

  • SEC_PKCS12DecoderIterateInit

  • SEC_PKCS12DecoderIterateNext

  • SEC_PKCS12IsEncryptionAllowed

  • SEC_PKCS12SetPreferredCipher

NSPR functions

A small number of NSPR functions are required for using the certificate verification and SSL functions in NSS. These functions are listed in this section.

Error codes

Based on sslerr in the SSL Reference.

NSS Environment variables

NSS cryptographic module

NSS Tech Notes

Tools

Based on NSS Tools documentation.
