You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.



Encryption Technologies Available in NSS 3.3

Newsgroup: mozilla.dev.tech.crypto
Manager: Wan-Teh Chang


The Network Security Services (NSS) 3.x CCATS number is G019013.

Note: Some technologies listed here are not currently implemented, but are planned for implementation in an upcoming release.

Key Agreement Reference                       Value                       End Use
RSA Key Agreement (using PKCS #1)             unlimited                   Key agreement
Diffie-Hellman Key Agreement (using PKCS #3)  <= 4096-bit modulus/Future  Key agreement
Elliptic Curve Cryptography Key Agreement     N/A (future)                Key agreement
 
SSL2 Algorithm Reference            Key Strength  End Use
SSL2-RC4-128-with-MD5               128           Bulk data encryption
SSL2-RC2-128-CBC-with-MD5           128           Bulk data encryption
SSL2-DES-168-EDE3-CBC-with-MD5      168           Bulk data encryption
SSL2-DES-56-CBC-with-MD5            56            Bulk data encryption
SSL2-RC4-128-EXPORT40-with-MD5      40            Bulk data encryption
SSL2-RC2-128-CBC-EXPORT40-with-MD5  40            Bulk data encryption
 
SSL3 Algorithm Reference                               Key Strength  End Use
SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA                80            Bulk data encryption
SSL3-FORTEZZA-DMS-with-RC4-128-SHA                     128           Bulk data encryption
SSL3-RSA-with-RC4-128-MD5                              128           Bulk data encryption
SSL3-RSA-with-3DES-EDE-CBC-SHA                         168           Bulk data encryption
SSL3-RSA-with-DES-CBC-SHA                              56            Bulk data encryption
SSL3-RSA-with-RC4-40-MD5                               40            Bulk data encryption
SSL3-RSA-with-RC2-CBC-40-MD5                           40            Bulk data encryption
SSL3-FORTEZZA-DMS-with-null-SHA                        0             Bulk data encryption
SSL3-RSA-with-null-MD5                                 0             Bulk data encryption
SSL3-RSA-FIPS-with-3DES-EDE-CBC-SHA                    168           Bulk data encryption
SSL3-RSA-FIPS-with-DES-CBC-SHA                         56            Bulk data encryption
SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only)  168           Bulk data encryption
SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only)  168           Bulk data encryption
SSL3-DHE-RSA-with-DES-CBC-SHA (client side only)       56            Bulk data encryption
SSL3-DHE-DSS-with-DES-CBC-SHA (client side only)       56            Bulk data encryption
 
TLS Algorithm Reference                               Key Strength  End Use
TLS-RSA-1024-with-RC4-56-SHA                          56            Bulk data encryption
TLS-RSA-1024-with-DES-CBC-SHA                         56            Bulk data encryption
TLS-RSA-with-RC4-128-MD5                              128           Bulk data encryption
SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA  128           Bulk data encryption
TLS-RSA-with-3DES-EDE-CBC-SHA                         168           Bulk data encryption
TLS-RSA-with-DES-CBC-SHA                              56            Bulk data encryption
TLS-RSA-with-RC4-40-MD5                               40            Bulk data encryption
TLS-RSA-with-RC2-CBC-40-MD5                           40            Bulk data encryption
TLS-RSA-with-null-MD5                                 0             Bulk data encryption
TLS-DHE-DSS-with-RC4-128-SHA (client side only)       128           Bulk data encryption
 
S/MIME Algorithm Reference  Key Strength  End Use
S/MIME-DES-EDE3             168           Bulk data encryption
S/MIME-RC2-CBC-128          128           Bulk data encryption
S/MIME-DES-CBC              56            Bulk data encryption
S/MIME-RC2-CBC-64           64            Bulk data encryption
S/MIME-RC2-CBC-40           40            Bulk data encryption
 
PKCS #5 Algorithm Reference  Key Strength  End Use
PKCS5-RC2-40                 40            Private key material encryption for internal storage
PKCS5-RC2-128                128           Private key material encryption for internal storage
PKCS5-RC4-128                128           Private key material encryption for internal storage
PKCS5-DES-56                 56            Private key material encryption for internal storage
PKCS5-DES-EDE3               168           Private key material encryption for internal storage
 
PKCS #12 Algorithm Reference  Key Strength  End Use
PKCS12-RC2-40                 40            Key portability/Backup
PKCS12-RC2-128                128           Key portability/Backup
PKCS12-RC4-56                 56            Key portability/Backup
PKCS12-RC4-128                128           Key portability/Backup
PKCS12-DES-56                 56            Key portability/Backup
PKCS12-DES-EDE3               168           Key portability/Backup
PKCS12-NULL                   0             Key portability/Backup
 
Other Characteristics/Technologies                   Modulus/Key Strength                        End-Use
PKCS #5/Wallet                                       See PKCS #5 above                           Storage of wallet info in private key database
PKCS #7                                              See S/MIME above                            Digital signatures
PKCS #8                                              Used with PKCS #5 (see above) and PKCS #12  Storage and encryption of keys in key database and .p12 files
PKCS #11, with restricted algorithms                 ---                                         Smart cards and hardware acceleration
SSL-JAVA API (layer on top of existing SSL support)  Same as existing SSL and TLS lists          Translates SSL and TLS capabilities into Java
Object Signing Application                           ---                                         Standard for network code security and incorporated digital signing only
AES finalist Rijndael                                128/192/256                                 Bulk data encryption

Algorithm/Other Specifications can be found at the following locations:
SSL 3.0:           http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
SSL connections:   http://www.mozilla.org/projects/security/pki/nss/ssl/traces/index.html
Client details:    http://www.mozilla.org/projects/security/pki/nss/ssl/traces/trc-clnt-ex.html
TLS:               http://www.ietf.org/rfc/rfc2246.txt
S/MIME standard:   http://www.ietf.org/html.charters/smime-charter.html
S/MIME v2:         http://www.rfc-editor.org/rfc/rfc2311.txt
S/MIME v3:         http://www.rfc-editor.org/rfc/rfc2633.txt
PKCS #1:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
PKCS #3:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/
PKCS #5:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/
PKCS #7:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
PKCS #8:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/
PKCS #11:          http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
PKCS #12:          http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/