Peter Gutmann wrote:
If it's a nice layered implementation where the higher layers build on the
lower ones (e.g. SSL and S/MIME on PKCS #1 and 3DES-CBC, etc) you can support
both.
NSS has SSL and SMIME (actually CMS) shared libs, which are layered over
the core NSS shared lib (which provides cert functions and fairly high
level crypto functions), which is layered over PKCS11. PKCS11 allows NSS
to use any PKCS11 device for the actual crypto, from tiny smart cards to
big crypto accelerator boxes. NSS's "softoken" DLL is a pure-software
PKCS11 module and token, which in turn is layered over "blapi", a raw
crypto API, of which "freebl" is NSS's implementation.
On some platforms, such as sparc/ultrasparc, where one OS supports both a
32-bit and 64-bit instruction set, NSS has separate 32-bit and 64-bit
shared libs for freebl, and it dynamically loads the best one for the
current platform.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
