NSS Tools 编辑

NSS Security Tools

Newsgroup: mozilla.dev.tech.crypto

Overview

The NSS Security Tools allow developers to test, debug, and manage applications that use NSS. The Tools Information table below describes both the tools that are currently working and those that are still under development. The links for each tool take you to the source code, documentation, plans, and related links for each tool. The links will become active when information is available.

Currently, you must download the NSS 3.1 source and build it to create binary files for the NSS tools. For information about downloading the NSS source, see /wiki/NSS/Building.

If you have feedback or questions, please feel free to post to mozilla.dev.tech.crypto. This newsgroup is the preferred forum for all questions about NSS and NSS tools.

Overall Objectives

  1. Provide a tool for analyzing and repairing certificate databases (dbck).
  2. Migrate tools from secutil.h interface to PKCS #11 interface.
  3. Eliminate redundant functionality in tools. Many tools implement private versions of PKCS11Init(), OpenCertDB(), etc.
  4. Eliminate use of getopt() and replace with NSPR calls to get command options (to eliminate platform dependencies with getopt()).

Tools Information

ToolDescriptionLinks
certutil 2.0Manage certificate and key databases (cert7.db and key3.db).Source, Documentation, Tasks/Plans
cmsutil 1.0Performs basic CMS operations such as encrypting, decrypting, and signing messages.Source, Documentation
crlutilManage certificate revocation lists (CRLs).Source, Documentation,
dbck 1.0Analyze and repair certificate databases (not working in NSS 3.2)Source, Tasks/Plans
modutil 1.1Manage the database of PKCS11 modules (secmod.db). Add modules and modify the properties of existing modules (such as whether a module is the default provider of some crypto service).Source, Documentation, Tasks/Plans
pk12util 1.0Import and export keys and certificates between the cert/key databases and files in PKCS12 format.Source, Documentation, Tasks/Plans
signtool 1.3Create digitally-signed jar archives containing files and/or code.Source, Documentation,
signver 1.1Verify signatures on digitally-signed objects.Source, Documentation, Tasks/Plans
sslstrengthSSL StrengthDocumentation
ssltap 3.2Proxy requests for an SSL server and display the contents of the messages exchanged between the client and server. The ssltap tool does not decrypt data, but it shows things like the type of SSL message (clientHello, serverHello, etc) and connection data (protocol version, cipher suite, etc). This tool is very useful for debugging.Source, Documentation
  1. Currently points to the Netscape Certificate Management System Administration Guide on docs.sun.com. For additional information about this tool, see Object Signing.
  2. Currently points to the signver documentation on developer.netscape.com. For additional information about this tool, see Form Signing

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:120 次

字数:6845

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文