1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/ckfw/nssmkey/README Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,21 @@
1.4 +This Cryptoki module provides acces to certs and keys stored in
1.5 +Macintosh key Ring.
1.6 +
1.7 +- It does not yet export PKCS #12 keys. To get this to work should be
1.8 + implemented using exporting the key object in PKCS #8 wrapped format.
1.9 + PSM work needs to happen before this can be completed.
1.10 +- It does not import or export CA Root trust from the mac keychain.
1.11 +- It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
1.12 +- The AuthRoots don't show up on the default list.
1.13 +- Only RSA keys are supported currently.
1.14 +
1.15 +There are a number of things that have not been tested that other PKCS #11
1.16 +apps may need:
1.17 +- reading Modulus and Public Exponents from private keys and public keys.
1.18 +- storing public keys.
1.19 +- setting attributes other than CKA_ID and CKA_LABEL.
1.20 +
1.21 +Other TODOs:
1.22 +- Check for and plug memory leaks.
1.23 +- Need to map mac errors into something more intellegible than
1.24 + CKR_GENERAL_ERROR.
