Overview of NSS

Open Source Crypto Libraries

Proven Application Security Architecture

If you want to add support for SSL, S/MIME, or other Internet security standards to your application, you can use Network Security Services (NSS) to implement all your security features. NSS provides a complete open-source implementation of the crypto libraries used by AOL, Red Hat, Google, and other companies in a variety of products, including the following:

NSS includes a framework to which developers and OEMs can contribute patches, such as assembler code, to optimize performance on their platforms. NSS 3.x has been certified on 18 platforms.

For more detailed information about NSS, see wiki.mozilla.org and NSS FAQ.

Source code for a Java interface to NSS is available in the Mozilla CVS tree. For details, see Network Security Services for Java.

NSS makes use of Netscape Portable Runtime (NSPR), a platform-neutral open-source API for system functions designed to facilitate cross-platform development. Like NSS, NSPR has been battle-tested in multiple products. For more information, see the NSPR Project Page.

Interoperability and Open Standards

You can use NSS to support a range of security standards in your application, including the following:

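  • SSL v3. The Secure Sockets Layer (SSL) protocol allows mutual authentication between a client and a server and the establishment of an authenticated and encrypted connection.
  • TLS v1.3 (RFC 8446), TLS v1.2 (RFC 5246), TLS v1.1 (RFC 4346), TLS v1 (RFC 2246). The Transport Layer Security (TLS) protocol from the IETF that supersedes SSL.
  • PKCS #1. Covers the implementation of public-key cryptography based on the RSA algorithm.
  • PKCS #3. Covers the implementation of Diffie-Hellman key agreement.
  • PKCS #5. RSA standard for password-based cryptography, for example encrypting private keys for storage.
  • PKCS #7. Covers the application of cryptography to data, for example digital signatures and digital envelopes.
  • PKCS #8. Covers the storage and encryption of private keys.
  • PKCS #9. Governs selected attribute types, including those used with PKCS #7, PKCS #8, and PKCS #10.
  • PKCS #10. Defines the syntax for certificate requests.
  • PKCS #11. Covers communication with cryptographic tokens (such as hardware accelerators and smart cards) and permits application independence from specific algorithms and implementations.
  • PKCS #12. Standard for the format used to store and transport private keys, certificates, and other secret material.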
  • S/MIME (RFC 2311 and RFC 2633). IETF message specification (based on the popular Internet MIME standard) that provides a consistent way to send and receive signed and encrypted MIME data.
  • X.509 v3. ITU standard that governs the format of certificates used for authentication in public-key cryptography.
  • OCSP (RFC 2560). The Online Certificate Status Protocol (OCSP) governs real-time confirmation of certificate validity.
  • PKIX Certificate and CRL Profile (RFC 3280). The first part of the four-part standard under development by the Public-Key Infrastructure (X.509) working group of the IETF (known as PKIX) for a public-key infrastructure for the Internet.
  • RSA, DSA, ECDSA, Diffie-Hellman, EC Diffie-Hellman, AES, Triple DES, DES, RC2, RC4, SHA-1, SHA-256, SHA-384, SHA-512, MD2, MD5, HMAC: Common cryptographic algorithms used in public-key and symmetric-key cryptography.
  • FIPS 186-2 pseudorandom number generator.

For complete details, see Encryption Technologies.

FIPS 140 Validation and NISCC Testing

The NSS software crypto module has been validated three times for conformance to FIPS 140 at Security Levels 1 and 2. For more information, see the NSS FIPS page (or this one).

The NSS libraries passed the NISCC TLS/SSL and S/MIME test suites (1.6 million test cases of invalid input data).

Complete Software Development Kit

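In addition to libraries and APIs, NSS provides security tools for debugging, diagnostics, certificate and key management, cryptography module management, and other development tasks.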

NSS comes with an extensive and growing set of documentation, including introductory material, API references, man pages for command-line tools, and sample code.

NSS is available as source and shared (dynamic) libraries. Every NSS release is backward compatible with previous releases, allowing NSS users to upgrade to the new NSS shared libraries without recompiling or relinking their applications.

Open-Source Licensing and Distribution

NSS is available under the Mozilla Public License, version 2. The latest source code is available for free worldwide from https://www.mozilla.org and its mirror sites.