On 23.03.11 23:32, Crypto User wrote:
On Mar 23, 12:05 pm, Honza Bambas<honzab....@firemni.cz> wrote:
On 3/22/2011 10:29 PM, Crypto User wrote:> Hi ,
I am trying to create APIS which will provide Hashing functionality to end
user. I am using NSS to provide this on Linux.
I was trying to find the correct APIs in NSS to provide this functionality and
I was confused.
NSS already provides hashing functionality, even to end user. Why do you create
a wrapping one ?
MD5_Begin() and related hash API from [freebl] and other hashing alg files.
Just check HASH_* function calls.
I do *not* recommend using HASH_* family of functions, because they discard
error codes, returned by the PKCS#11 layer. If something goes wrong, you will
not note this.
But the document on the mozilla website [TN5] talks about using pk11_digest*
APIs. Are they uoutdated/not to be used? Should we use freebl library instead?
PK11_* family of functions are poorly documented wrappers around PKCS#11 calls.
The wrapper intended to manage multiple PKCS#11 modules the NSS deals with.
But, in your case, NSS builtin PKCS#11 module (softoken) is enough.
I would recommend you call PKCS#11/softoken layer directly. This is safe,
stable and well documented. Additionally, this approach avoids loading
libnss3.so.
Using freebl library directly is also safe. The freebl interface is stable
enough, as Robert Relyea pointed recently in this forum.
Keep well,
Konstantin
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
