security/nss/lib/ckfw/nssmkey/README@6474c204b198 (annotated)
security/nss/lib/ckfw/nssmkey/README
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | This Cryptoki module provides acces to certs and keys stored in |
| michael@0 | 2 | Macintosh key Ring. |
| michael@0 | 3 | |
| michael@0 | 4 | - It does not yet export PKCS #12 keys. To get this to work should be |
| michael@0 | 5 | implemented using exporting the key object in PKCS #8 wrapped format. |
| michael@0 | 6 | PSM work needs to happen before this can be completed. |
| michael@0 | 7 | - It does not import or export CA Root trust from the mac keychain. |
| michael@0 | 8 | - It does not handle S/MIME objects (pkcs #7 in mac keychain terms?). |
| michael@0 | 9 | - The AuthRoots don't show up on the default list. |
| michael@0 | 10 | - Only RSA keys are supported currently. |
| michael@0 | 11 | |
| michael@0 | 12 | There are a number of things that have not been tested that other PKCS #11 |
| michael@0 | 13 | apps may need: |
| michael@0 | 14 | - reading Modulus and Public Exponents from private keys and public keys. |
| michael@0 | 15 | - storing public keys. |
| michael@0 | 16 | - setting attributes other than CKA_ID and CKA_LABEL. |
| michael@0 | 17 | |
| michael@0 | 18 | Other TODOs: |
| michael@0 | 19 | - Check for and plug memory leaks. |
| michael@0 | 20 | - Need to map mac errors into something more intellegible than |
| michael@0 | 21 | CKR_GENERAL_ERROR. |
