security/nss/lib/ckfw/nssmkey/README@6474c204b198
security/nss/lib/ckfw/nssmkey/README
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 This Cryptoki module provides acces to certs and keys stored in
2 Macintosh key Ring.
4 - It does not yet export PKCS #12 keys. To get this to work should be
5 implemented using exporting the key object in PKCS #8 wrapped format.
6 PSM work needs to happen before this can be completed.
7 - It does not import or export CA Root trust from the mac keychain.
8 - It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
9 - The AuthRoots don't show up on the default list.
10 - Only RSA keys are supported currently.
12 There are a number of things that have not been tested that other PKCS #11
13 apps may need:
14 - reading Modulus and Public Exponents from private keys and public keys.
15 - storing public keys.
16 - setting attributes other than CKA_ID and CKA_LABEL.
18 Other TODOs:
19 - Check for and plug memory leaks.
20 - Need to map mac errors into something more intellegible than
21 CKR_GENERAL_ERROR.
