Encryption Technologies Available in NSS 3.3
Manager: Wan-Teh Chang
The Network Security Services (NSS) 3.x CCATS number is G019013.
Note: Some technologies listed here are not currently implemented, but are planned for implementation in an upcoming release.
Key Agreement Reference | Value | End Use |
RSA Key Agreement (using PKCS #1) | unlimited | Key agreement |
Diffie-Hellman Key Agreement (using PKCS #3) | <= 4096-bit modulus/Future | Key agreement |
Elliptic Curve Cryptography Key Agreement | N/A (future) | Key agreement |
SSL2 Algorithm Reference | Key Strength | End Use |
SSL2-RC4-128-with-MD5 | 128 | Bulk data encryption |
SSL2-RC2-128-CBC-with-MD5 | 128 | Bulk data encryption |
SSL2-DES-168-EDE3-CBC-with-MD5 | 168 | Bulk data encryption |
SSL2-DES-56-CBC-with-MD5 | 56 | Bulk data encryption |
SSL2-RC4-128-EXPORT40-with-MD5 | 40 | Bulk data encryption |
SSL2-RC2-128-CBC-EXPORT40-with-MD5 | 40 | Bulk data encryption |
SSL3 Algorithm Reference | Key Strength | End Use |
SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA | 80 | Bulk data encryption |
SSL3-FORTEZZA-DMS-with-RC4-128-SHA | 128 | Bulk data encryption |
SSL3-RSA-with-RC4-128-MD5 | 128 | Bulk data encryption |
SSL3-RSA-with-3DES-EDE-CBC-SHA | 168 | Bulk data encryption |
SSL3-RSA-with-DES-CBC-SHA | 56 | Bulk data encryption |
SSL3-RSA-with-RC4-40-MD5 | 40 | Bulk data encryption |
SSL3-RSA-with-RC2-CBC-40-MD5 | 40 | Bulk data encryption |
SSL3-FORTEZZA-DMS-with-null-SHA | 0 | Bulk data encryption |
SSL3-RSA-with-null-MD5 | 0 | Bulk data encryption |
SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA | 168 | Bulk data encryption |
SSL3-RSA-FIPS-with-DES-CBC-SHA | 56 | Bulk data encryption |
SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only) | 168 | Bulk data encryption |
SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only) | 168 | Bulk data encryption |
SSL3-DHE-RSA-with-DES-CBC-SHA (client side only) | 56 | Bulk data encryption |
SSL3-DHE-DSS-with-DES-CBC-SHA (client side only) | 56 | Bulk data encryption |
TLS Algorithm Reference | Key Strength | End Use |
TLS-RSA-1024-with-RC4-56-SHA | 56 | Bulk data encryption |
TLS-RSA-1024-with-DES-CBC-SHA | 56 | Bulk data encryption |
TLS-RSA-with-RC4-128-MD5 | 128 | Bulk data encryption |
SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA | 128 | Bulk data encryption |
TLS-RSA-with-3DES-EDE-CBC-SHA | 168 | Bulk data encryption |
TLS-RSA-with-DES-CBC-SHA | 56 | Bulk data encryption |
TLS-RSA-with-RC4-40-MD5 | 40 | Bulk data encryption |
TLS-RSA-with-RC2-CBC-40-MD5 | 40 | Bulk data encryption |
TLS-RSA-with-null-MD5 | 0 | Bulk data encryption |
TLS-DHE-DSS-with-RC4-128-SHA (client side only) | 128 | Bulk data encryption |
S/MIME Algorithm Reference | Key Strength | End Use |
S/MIME-DES-EDE3 | 168 | Bulk data encryption |
S/MIME-RC2-CBC-128 | 128 | Bulk data encryption |
S/MIME-DES-CBC | 56 | Bulk data encryption |
S/MIME-RC2-CBC-64 | 64 | Bulk data encryption |
S/MIME-RC2-CBC-40 | 40 | Bulk data encryption |
PKCS #5 Algorithm Reference | Key Strength | End Use |
PKCS5-RC2-40 | 40 | Private key material encryption for internal storage |
PKCS5-RC2-128 | 128 | Private key material encryption for internal storage |
PKCS5-RC4-128 | 128 | Private key material encryption for internal storage |
PKCS5-DES-56 | 56 | Private key material encryption for internal storage |
PKCS5-DES-EDE3 | 168 | Private key material encryption for internal storage |
PKCS #12 Algorithm Reference | Key Strength | End Use |
PKCS12-RC2-40 | 40 | Key portability/Backup |
PKCS12-RC2-128 | 128 | Key portability/Backup |
PKCS12-RC4-56 | 56 | Key portability/Backup |
PKCS12-RC4-128 | 128 | Key portability/Backup |
PKCS12-DES-56 | 56 | Key portability/Backup |
PKCS12-DES-EDE3 | 168 | Key portability/Backup |
PKCS12-NULL | 0 | Key portability/Backup |
Other Characteristics/Technologies | Modulus/Key Strength | End-Use |
PKCS #5/Wallet | See PKCS #5 above | Storage of wallet info in private key database |
PKCS #7 | See S/MIME above | Digital signatures |
PKCS #8 | Used with PKCS #5 (see above) and PKCS #12 | Storage and encryption of keys in key database and .p12 files |
PKCS #11, with restricted algorithms | ------------------------------ | Smart cards and hardware acceleration |
SSL-JAVA API (layer on top of existing SSLsupport) | Same as existing SSL and TLS lists | Translates SSL and TLS capabilities into Java |
Object Signing Application | ----------------------------- | Standard for network code security and incorporated digital signing only |
AES finalist Rijndael | 128/192/256 | Bulk data encryption |
Algorithm/Other Specifications can be found at the following locations:
SSL 3.0:
http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
SSL connections: http://www.mozilla.org/projects/security/pki/nss/ssl/traces/index.html
Client details: http://www.mozilla.org/projects/security/pki/nss/ssl/traces/trc-clnt-ex.html
TLS:
http://www.ietf.org/rfc/rfc2246.txt
S/MIME standard: http://www.ietf.org/html.charters/smime-charter.html
S/MIME v2: http://www.rfc-editor.org/rfc/rfc2311.txt
S/MIME v3: http://www.rfc-editor.org/rfc/rfc2633.txt
PKCS #1:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
PKCS #3:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/
PKCS #5:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/
PKCS #7:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
PKCS #8:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/
PKCS #11:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
PKCS #12:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/