NSS reference¶
Initial Notes¶
We are migrating the OLD SSL Reference into the format described in the MDN Style Guide. If you are inclined to help with this migration, your help would be very much appreciated.
The proposed chapters below are based on the chapters of the OLD SSL Reference and the categories of functions in NSS functions.
Should a particular page require the use of an underscore, please see the documentation for the Title Override Extension.
Building and installing NSS¶
Overview of an NSS application¶
Based on sslintro in the SSL Reference.
Getting started with NSS¶
Based on gtstd in the SSL Reference.
Data types¶
Based on ssltyp in the SSL Reference.
NSS initialization and shutdown¶
NSS_Init
NSS_InitReadWrite
NSS_NoDB_Init
NSS_Shutdown
Utility functions¶
Based on mozilla_projects_nss_reference_nss_functions#utility_functions in NSS Public Functions.
Certificate functions¶
Based on sslcrt in the SSL Reference and mozilla_projects_nss_reference_nss_functions#certificate_functions in NSS Public Functions.
mozilla_projects_nss_reference_nss_certificate_functions#validating_certificates
mozilla_projects_nss_reference_nss_certificate_functions#cert_verifycertnow
mozilla_projects_nss_reference_nss_certificate_functions#cert_verifycert
mozilla_projects_nss_reference_nss_certificate_functions#cert_verifycertname
mozilla_projects_nss_reference_nss_certificate_functions#cert_checkcertvalidtimes
mozilla_projects_nss_reference_nss_certificate_functions#nss_cmpcertchainwcanames
mozilla_projects_nss_reference_nss_certificate_functions#manipulating_certificates
mozilla_projects_nss_reference_nss_certificate_functions#cert_dupcertificate
mozilla_projects_nss_reference_nss_certificate_functions#cert_destroycertificate
SEC_DeletePermCertificate
__CERT_ClosePermCertDB
mozilla_projects_nss_reference_nss_certificate_functions#getting_certificate_information
mozilla_projects_nss_reference_nss_certificate_functions#cert_findcertbyname
mozilla_projects_nss_reference_nss_certificate_functions#cert_getcertnicknames
mozilla_projects_nss_reference_nss_certificate_functions#cert_freenicknames
mozilla_projects_nss_reference_nss_certificate_functions#cert_getdefaultcertdb
mozilla_projects_nss_reference_nss_certificate_functions#nss_findcertkeatype
mozilla_projects_nss_reference_nss_certificate_functions#comparing_secitem_objects
mozilla_projects_nss_reference_nss_certificate_functions#secitem_compareitem
Key functions¶
mozilla_projects_nss_ssl_functions_sslkey#seckey_getdefaultkeydb
mozilla_projects_nss_ssl_functions_sslkey#seckey_destroyprivatekey
Digital signatures¶
This API consists of the routines used to perform signature generation and the routines used to perform signature verification.
Encryption/decryption¶
Hashing¶
Key generation¶
Generate keys, key pairs, and domain parameters.
Random number generation¶
This API consists of the two routines used for pseudorandom number generation – PK11_GenerateRandomOnSlot and PK11_GenerateRandom – and the two routines used for seeding pseudorandom number generation – PK11_SeedRandom and PK11_RandomUpdate.
PKCS #11 functions¶
Based on pkfnc in the SSL Reference and mozilla_projects_nss_reference_nss_functions#cryptography_functions in NSS Public Functions.
mozilla_projects_nss_pkcs11_functions#secmod_loadusermodule
mozilla_projects_nss_pkcs11_functions#secmod_unloadusermodule
mozilla_projects_nss_pkcs11_functions#secmod_closeuserdb
mozilla_projects_nss_pkcs11_functions#secmod_openuserdb
mozilla_projects_nss_pkcs11_functions#pk11_findcertfromnickname
mozilla_projects_nss_pkcs11_functions#pk11_findkeybyanycert
mozilla_projects_nss_pkcs11_functions#pk11_getslotname
mozilla_projects_nss_pkcs11_functions#pk11_gettokenname
mozilla_projects_nss_pkcs11_functions#pk11_ishw
mozilla_projects_nss_pkcs11_functions#pk11_ispresent
mozilla_projects_nss_pkcs11_functions#pk11_isreadonly
mozilla_projects_nss_pkcs11_functions#pk11_setpasswordfunc
SSL Functions¶
Based on sslfnc in the SSL Reference and mozilla_projects_nss_reference_nss_functions#ssl_functions and mozilla_projects_nss_reference_nss_functions#deprecated_ssl_functions in NSS Public Functions.
SSL_ConfigServerSessionIDCache
SSL_ClearSessionCache
S/MIME¶
Based on the S/MIME Reference (which only has one written chapter) and mozilla_projects_nss_reference_nss_functions#s_2fmime_functions in NSS Public Functions.
PKCS #7 functions¶
PKCS #5 functions¶
Password-based encryption
SEC_PKCS5GetIV
SEC_PKCS5CreateAlgorithmID
SEC_PKCS5GetCryptoAlgorithm
SEC_PKCS5GetKeyLength
SEC_PKCS5GetPBEAlgorithm
SEC_PKCS5IsAlgorithmPBEAlg
PKCS #12 functions¶
Based on “Archived PKCS #12 Functions documentation.” Used to exchange data such as private keys and certificates between two parties.
SEC_PKCS12CreateExportContext
SEC_PKCS12CreatePasswordPrivSafe
SEC_PKCS12CreateUnencryptedSafe
SEC_PKCS12AddCertAndKey
SEC_PKCS12AddPasswordIntegrity
SEC_PKCS12EnableCipher
SEC_PKCS12Encode
SEC_PKCS12DestroyExportContext
SEC_PKCS12DecoderStart
SEC_PKCS12DecoderImportBags
SEC_PKCS12DecoderUpdate
SEC_PKCS12DecoderFinish
SEC_PKCS12DecoderValidateBags
SEC_PKCS12DecoderVerify
SEC_PKCS12DecoderGetCerts
SEC_PKCS12DecoderSetTargetTokenCAs
SEC_PKCS12DecoderIterateInit
SEC_PKCS12DecoderIterateNext
SEC_PKCS12IsEncryptionAllowed
SEC_PKCS12SetPreferredCipher
NSPR functions¶
A small number of NSPR functions are required for using the certificate verification and SSL functions in NSS. These functions are listed in this section.
Error codes¶
Based on sslerr in the SSL Reference.