http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf
I hope this document describes this correctly. If so, it verifies my guess that NSS does use any operating-system tricks to protect "soft" keys. Probably that's the price you have to stay platform-independent. AFAICT, MSIE's soft tokens should be harder than Firefox's. If I manage to get the following running http://android-keystore-v2.webpki.org Android soft keys should be comparable to MSIE's. Anders ----- Original Message ----- From: "Anders Rundgren" <anders.rundg...@telia.com> To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org> Sent: Thursday, July 16, 2009 09:28 Subject: Clarification of NSS's soft token key protection scheme Would it be possible to get a description of this? Cheers, Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
