Mozilla-JSS JCA Provider notes

<meta charset="utf-8"> <meta content="IE=Edge" http-equiv="X-UA-Compatible"> <script>(function(d) { d.className = d.className.replace(/\bno-js/, ''); })(document.documentElement);</script> <script src="//cdn.optimizely.com/js/237572123.js"></script> <title>JSS | MDN</title> <meta content="width=device-width, initial-scale=1" name="viewport"> <meta content="index, follow" name="robots"> <link href="/en-US/" rel="home"> <link href="#copyright" rel="copyright"> <link href="//mozorg.cdn.mozilla.net/media/css/tabzilla-min.css" rel="stylesheet"> <link href="https://developer.cdn.mozilla.net/media/css/mdn-min.css?build=822a130" media="all" rel="stylesheet"> <link href="https://developer.cdn.mozilla.net/media/css/wiki-min.css?build=822a130" media="all" rel="stylesheet"> <link href="/en-US/docs/Template:CustomCSS?raw=1" rel="stylesheet" type="text/css"> <meta content="website" property="og:type"> <meta content="https://developer.mozilla.org/media/redesign/img/opengraph-logo.png" property="og:image"> <meta content="Mozilla Developer Network" property="og:site_name"> <meta content="summary" name="twitter:card"> <meta content="https://developer.mozilla.org/media/redesign/img/opengraph-logo.png" name="twitter:image"> <meta content="@mozhacks" name="twitter:site"> <meta content="@mozhacks" name="twitter:creator"> <link href="https://developer.mozilla.org/en-US/search/xml" rel="search" title="Mozilla Developer Network" type="application/opensearchdescription+xml"> <link href="https://developer.cdn.mozilla.net/media/redesign/img/favicon144.png" rel="apple-touch-icon-precomposed" sizes="144x144"> <link href="https://developer.cdn.mozilla.net/media/redesign/img/favicon114.png" rel="apple-touch-icon-precomposed" sizes="114x114"> <link href="https://developer.cdn.mozilla.net/media/redesign/img/favicon72.png" rel="apple-touch-icon-precomposed" sizes="72x72"> <link href="https://developer.cdn.mozilla.net/media/redesign/img/favicon57.png" rel="apple-touch-icon-precomposed"> <link href="https://developer.cdn.mozilla.net/media/redesign/img/favicon32.png" rel="shortcut icon"> <link href="/en-US/docs/JSS$json" rel="alternate" type="application/json"> <link href="https://developer.mozilla.org/en-US/docs/JSS" rel="canonical"> <meta content="JSS" property="og:title"> <meta content="https://developer.mozilla.org/en-US/docs/JSS" property="og:url"> <meta content="https://developer.mozilla.org/en-US/docs/JSS" name="twitter:url"> <meta content="JSS" name="twitter:title"> <meta content="Network Security Services for Java (JSS) is a Java interface to NSS. JSS supports most of the security standards and encryption technologies supported by NSS. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding." property="og:description"> <meta content="Network Security Services for Java (JSS) is a Java interface to NSS. JSS supports most of the security standards and encryption technologies supported by NSS. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding." name="description"> <meta content="Network Security Services for Java (JSS) is a Java interface to NSS. JSS supports most of the security standards and encryption technologies supported by NSS. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding." name="twitter:description"> <script type="text/javascript"> // http://cfsimplicity.com/61/removing-analytics-clutter-from-campaign-urls var removeUtms = function(){ var location = window.location; if (location.hash.indexOf('utm') != -1) { var anchor = location.hash.match(/#(?!utm)[^&]+/); anchor = anchor ? anchor[0] : ''; if(!anchor && window.history.replaceState){ history.replaceState({}, '', location.pathname + location.search); } else { location.hash = anchor; } } }; var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-36116321-5'], ['_setAllowAnchor', true], ['_setCustomVar', 8, 'docs navigator', 'Yes', 1], ['_trackPageview']); _gaq.push(removeUtms); (function(a, d) { var ga = d.createElement(a); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == d.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = d.getElementsByTagName(a)[0]; s.parentNode.insertBefore(ga, s); })('script', document); </script> <script type="text/javascript"> (function(){ var FLAGS = { 'derby_closed': true,'elasticsearch': true,'external_signup': false,'ga_outbound_links': true,'kumaediting': false,'l10ndashboard': false,'page_move': false,'redesign': true,'redesign_beta_notice': true,'search_doc_navigator': true }, SWITCHES = { 'apps_landing': true,'html5_landing': true,'home_mwc_promo': false,'apps-market-launch': true,'apps_promo': false,'labs_snippets_landing': false,'signin_metrics': true,'social_promo': true,'wiki_error_on_delete': false,'wiki_force_immediate_rendering': true }, SAMPLES = { }; window.waffle = { "flag_is_active": function waffle_flag(flag_name) { return !!FLAGS[flag_name]; }, "switch_is_active": function waffle_switch(switch_name) { return !!SWITCHES[switch_name]; }, "sample_is_active": function waffle_sample(sample_name) { return !!SAMPLES[sample_name]; }, "FLAGS": FLAGS, "SWITCHES": SWITCHES, "SAMPLES": SAMPLES }; })(); // This represents the site configuration window.mdn = { build: '822a130', // Properties and settings for CKEditor will go here ckeditor: {}, // Feature test results and methods will be placed here features: {}, // Ensures gettext always returns something, is always set gettext: function(x) { return x; }, // The path to media (images, CSS, JS) in MDN mediaPath: 'https://developer.cdn.mozilla.net/media/', // Wiki-specific settings will be placed here wiki: { autosuggestTitleUrl: '/en-US/docs/get-documents' } }; </script>
<main id="content" role="main">

Network Security Services for Java (JSS) is a Java interface to NSS. JSS supports most of the security standards and encryption technologies supported by NSS. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding.

JSS offers a implementation of Java SSL sockets that uses NSS's SSL/TLS implementation rather than Sun's JSSE implementation. You might want to use JSS's own SSL classes if you want to use some of the capabilities found in NSS's SSL/TLS library but not found in JSSE.

NSS is the cryptographic module where all cryptographic operations are performed. JSS essentially provides a Java JNI bridge to NSS C shared libraries. When NSS is put in FIPS mode, JSS ensures FIPS compliance by ensuring that all cryptographic operations are performed by the NSS cryptographic module.

JSS offers a JCE provider, "Mozilla-JSS" JCA Provider notes.

JSS, jss4.jar, is still built with JDK 1.4.2. While JDK 1.4.2 is EOL'd and all new product development should be using the latest JavaSE, legacy business products that must use JDK 1.4 or 1.5 can continue to add NSS/JSS security fixes/enhancements.

JSS is used by Red Hat and Sun products that do crypto in Java. JSS is available under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. JSS requires NSPR and NSS.

Java provides a JCE provider called SunPKCS11 (see Java PKCS#11 Reference Guide.) SunPKCS11 can be configured to use the NSS module as the crytographic provider. If you are planning to just use JSS JCE provider as a bridge to NSS's FIPS validated PKCS#11 module, then the SunPKCS11 JCE provider may do all that you need. Note that Java 1.5 claimed no FIPS compliance, and Java 1.6 or higher needs to be used. A current limitation to the configured SunPKCS11-NSS bridge configuration is if you add a PKCS#11 module to the NSS database such as for a smartcard, you won't be able to access that smartcard through the SunPKCS11-NSS bridge. If you use JSS, you can easily get lists of modules and tokens that are configured in the NSS DB and freely access all of it.

Documentation

Before you use JSS, you should have a good understanding of the crypto technologies it uses. You might want to read these documents:

For information on downloading NSS releases, see Download PKI Source.

Read Using JSS to get you started with development after you've built and downloaded it.

Release Notes

Build Instructions

Download or View Source

Testing

Frequently Asked Questions

Information on JSS planning can be found at wiki.mozilla.org, including:

Community

 

Document Tags and Contributors

Contributors to this page: Jürgen Jeka, kwilson, ethertank, kscarfone, chbilalgk, Glenb
Last updated by: chbilalgk,
<menu id="edit-history-menu" type="context"> <menuitem data-action="$edit" label="Edit page"></menuitem> <menuitem data-action="$history" label="View page history"></menuitem> </menu>
</main> <script src="/en-US/jsi18n/build:822a130"></script> <script src="https://developer.cdn.mozilla.net/media/js/jquery1-min.js?build=822a130"></script> <script src="https://developer.cdn.mozilla.net/media/js/main-min.js?build=822a130"></script> <script> mdn.analytics.initOutboundLinks($('body')); </script> <script async="" src="//mozorg.cdn.mozilla.net/en-US/tabzilla/tabzilla.js"></script> <script src="https://developer.cdn.mozilla.net/media/js/wiki-min.js?build=822a130"></script> <script type="text/javascript"> (function($, ga) { $('.from-search-toc').mozSearchResults('', ga); })(jQuery, window._gaq || []); </script>

Document Tags and Contributors

 Last updated by: jswisher,