On 03/23/2011 02:02 PM, Honza Bambas wrote: > On 3/23/2011 9:32 PM, Crypto User wrote: >> On Mar 23, 12:05 pm, Honza Bambas<honzab....@firemni.cz> wrote: >>> On 3/22/2011 10:29 PM, Crypto User wrote:> Hi , >>>> I am trying to create APIS which will provide Hashing functionality >>>> to end user. I am using NSS to provide this on Linux. >>>> I was trying to find the correct APIs in NSS to provide this >>>> functionality and I was confused. >>>> There seem to be different APIs. >>>> E.g CreateDigestContext(SECOidTag hashAlg) and related APIs in >>>> https://developer.mozilla.org/en/NSS/Cryptography_functions >>>> or >>>> MD5_Begin() and related hash API from >>>> http://mxr.mozilla.org/security/source/security/nss/lib/freebl/md5.c >>>> and other hashing alg files. >>>> Which one should be used ? >>>> Thanks >>> Probably a good example of how to use NSS api is to look at the XPCOM >>> wrappers >>> here:http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/sr... >>> >>> Just check HASH_* function calls. >>> >>> Also this header might tell you what you >>> need:http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/freebl... >>> >>> -hb- >> But the document on the mozilla website >> httpp://www.mozilla.org/projects/security/pki/nss/tech-notes/tn5.html >> talks about using >> pk11_digest* APIs. >> Are they uoutdated/not to be used? >> Should we use freebl library instead? >> Thanks >> -A > > HASH_* functions are wrapping the PK11_*Digest* functions. > PK11_*Digest* should prevail as those are used to access PKCS#11 > modules in a way simpler then calling directly C_* functions on the > token for you. > > I am not expert to NSS API, at least I don't know much about plans how > it is going to evolve in next versions. Personally I would pick > PK11_*, but someone more dedicated to NSS should answer this.
Both interfaces will continue to be supported. The HASH_ functions have the advantage to allow oid based Hash selections, so if you usage used DER or other oids, your application can be written to support new hash functions as they become available. If you just need one hash function in particular you can use either the HASH_ or the PK11_ functions depending on your own needs. bob
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
