security/nss/lib/ckfw/nssmkey/README@b8a032363ba2
security/nss/lib/ckfw/nssmkey/README
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 This Cryptoki module provides acces to certs and keys stored in
2 Macintosh key Ring.
4 - It does not yet export PKCS #12 keys. To get this to work should be
5 implemented using exporting the key object in PKCS #8 wrapped format.
6 PSM work needs to happen before this can be completed.
7 - It does not import or export CA Root trust from the mac keychain.
8 - It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
9 - The AuthRoots don't show up on the default list.
10 - Only RSA keys are supported currently.
12 There are a number of things that have not been tested that other PKCS #11
13 apps may need:
14 - reading Modulus and Public Exponents from private keys and public keys.
15 - storing public keys.
16 - setting attributes other than CKA_ID and CKA_LABEL.
18 Other TODOs:
19 - Check for and plug memory leaks.
20 - Need to map mac errors into something more intellegible than
21 CKR_GENERAL_ERROR.
