Initial Notes
- We are migrating the SSL Reference into the format described in the MDN Style Guide. If you are inclined to help with this migration, your help would be very much appreciated.
- The proposed chapters below are based on the chapters of the SSL Reference and the categories of functions in NSS Public Functions.
- Should a particular page require the use of an underscore, please see the documentation for the Title Override Extension.
Building and installing NSS
Overview of an NSS application
Based on "Overview of an SSL Application" in the SSL Reference.
Getting started with NSS
Based on "Getting Started With SSL" in the SSL Reference.
Data types
Based on "Selected SSL Types and Structures" in the SSL Reference.
NSS initialization and shutdown
- NSS_Init
- NSS_InitReadWrite
- NSS_NoDB_Init
- NSS_Initialize
- NSS_Shutdown
Utility functions
Based on "Utility Functions" in NSS Public Functions.
Certificate functions
Based on Certificate Functions in the SSL Reference and "Certificate Functions" in NSS Public Functions.
- Validating Certificates
- Manipulating Certificates
- CERT_DupCertificate
- CERT_DestroyCertificate
- SEC_DeletePermCertificate
- __CERT_ClosePermCertDB
- Getting Certificate Information
- Comparing SecItem Objects
Key functions
Digital signatures
This API consists of the routines used to perform signature generation and the routines used to perform signature verification.
Encryption/decryption
Hashing
Key generation
Generate keys, key pairs, and domain parameters.
Random number generation
This API consists of the two routines used for pseudorandom number generation -- PK11_GenerateRandomOnSlot and PK11_GenerateRandom -- and the two routines used for seeding pseudorandom number generation -- PK11_SeedRandom and PK11_RandomUpdate.
PKCS #11 functions
Based on PKCS #11 Functions in the SSL Reference and "Crypto Functions" in NSS Public Functions.
- SECMOD_LoadUserModule
- SECMOD_UnloadUserModule
- SECMOD_CloseUserDB
- SECMOD_OpenUserDB
- PK11_FindCertFromNickname
- PK11_FindKeyByAnyCert
- PK11_GetSlotName
- PK11_GetTokenName
- PK11_IsHW
- PK11_IsPresent
- PK11_IsReadOnly
- PK11_SetPasswordFunc
SSL Functions
Based on "SSL Functions" in the SSL Reference and "SSL Functions" and "Deprecated SSL Functions" in NSS Public Functions.
- SSL_ConfigServerSessionIDCache
- SSL_ClearSessionCache
S/MIME
Based on the S/MIME Reference (which only has one written chapter) and "S/MIME Functions" in NSS Public Functions.
PKCS #7 functions
Based on "Archived PKCS #7 Functions documentation."
PKCS #5 functions
Password-based encryption
- SEC_PKCS5GetIV
- SEC_PKCS5CreateAlgorithmID
- SEC_PKCS5GetCryptoAlgorithm
- SEC_PKCS5GetKeyLength
- SEC_PKCS5GetPBEAlgorithm
- SEC_PKCS5IsAlgorithmPBEAlg
PKCS #12 functions
Based on "Archived PKCS #12 Functions documentation." Used to exchange data such as private keys and certificates between two parties.
- SEC_PKCS12CreateExportContext
- SEC_PKCS12CreatePasswordPrivSafe
- SEC_PKCS12CreateUnencryptedSafe
- SEC_PKCS12AddCertAndKey
- SEC_PKCS12AddPasswordIntegrity
- SEC_PKCS12EnableCipher
- SEC_PKCS12Encode
- SEC_PKCS12DestroyExportContext
- SEC_PKCS12DecoderStart
- SEC_PKCS12DecoderImportBags
- SEC_PKCS12DecoderUpdate
- SEC_PKCS12DecoderFinish
- SEC_PKCS12DecoderValidateBags
- SEC_PKCS12DecoderVerify
- SEC_PKCS12DecoderGetCerts
- SEC_PKCS12DecoderSetTargetTokenCAs
- SEC_PKCS12DecoderIterateInit
- SEC_PKCS12DecoderIterateNext
- SEC_PKCS12IsEncryptionAllowed
- SEC_PKCS12SetPreferredCipher
NSPR functions
A small number of NSPR functions are required for using the certificate verification and SSL functions in NSS. These functions are listed in this section.
Error codes
Based on "NSS and SSL Error Codes" in the SSL Reference.
NSS Environment variables
NSS cryptographic module
NSS Tech Notes
NSS Tech Notes NSS Memory allocation
Tools
Based on NSS Tools documentation.