RetroZilla/security/nss/lib/ckfw/nssmkey
2015-10-20 23:03:22 -04:00
..
ckmk.h first commit 2015-10-20 23:03:22 -04:00
ckmkver.c first commit 2015-10-20 23:03:22 -04:00
config.mk first commit 2015-10-20 23:03:22 -04:00
Makefile first commit 2015-10-20 23:03:22 -04:00
manchor.c first commit 2015-10-20 23:03:22 -04:00
manifest.mn first commit 2015-10-20 23:03:22 -04:00
mconstants.c first commit 2015-10-20 23:03:22 -04:00
mfind.c first commit 2015-10-20 23:03:22 -04:00
minst.c first commit 2015-10-20 23:03:22 -04:00
mobject.c first commit 2015-10-20 23:03:22 -04:00
mrsa.c first commit 2015-10-20 23:03:22 -04:00
msession.c first commit 2015-10-20 23:03:22 -04:00
mslot.c first commit 2015-10-20 23:03:22 -04:00
mtoken.c first commit 2015-10-20 23:03:22 -04:00
nssmkey.def first commit 2015-10-20 23:03:22 -04:00
nssmkey.h first commit 2015-10-20 23:03:22 -04:00
README first commit 2015-10-20 23:03:22 -04:00
staticobj.c first commit 2015-10-20 23:03:22 -04:00

This Cryptoki module provides acces to certs and keys stored in
Macintosh key Ring.

- It does not yet export PKCS #12 keys. To get this to work should be 
  implemented using exporting the key object in PKCS #8 wrapped format.
  PSM work needs to happen before this can be completed.
- It does not import or export CA Root trust from the mac keychain.
- It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
- The AuthRoots don't show up on the default list.
- Only RSA keys are supported currently.

There are a number of things that have not been tested that other PKCS #11
apps may need:
- reading Modulus and Public Exponents from private keys and public keys.
- storing public keys.
- setting attributes other than CKA_ID and CKA_LABEL.

Other TODOs:
- Check for and plug memory leaks.
- Need to map mac errors into something more intellegible than 
  CKR_GENERAL_ERROR.