ModuleInterfaces
This is a draft
Module Ports
This is a software-only implementation. All keys, encrypted data and control information are exchanged through calls to library functions.
Module Interfaces
- S/MIME
Interfaces for S/MIME version 3 and PKCS#7 secure mail. Not part of the cryptographic boundary.
- SSL/TLS
Interfaces for Secure Sockets Layer and Transport Layer Security. Not part of the cryptographic boundary.
- Certificate
Used for high-level certificate calls, for example processing the parts of a certificate, and CRL management. Not part of cryptographic boundary.
- Key
High-level private/public key calls. Includes retrieving information about the key, such as its strength. Not part of cryptographic boundary.
- Crypto
Provides high-level access to hashing, signature, and verification operations. Not part of cryptographic boundary.
- PKCS #12
Interface for PKCS #12, Personal Information Storage and Retrieval. Used to allow import/export of certificates and private keys in a secure manner. Below cryptographic boundary.
- PKCS #11
This defines NSS's PKCS#11 (Cryptoki) implementation. The API itself is considered to "define" the cryptographic boundary, thus all implementation is considered below the boundary. Also included in this module is the FIPS PKCS#11 token. This is a Cryptoki token designed specifically for FIPS, and allows applications using NSS to operate in a strictly FIPS-mode.
- CRMF
Interfaces for CRMF/CMMF. Not part of cryptographic boundary.
- JAR
Signed object interface. Not part of cryptographic boundary.