Encryption Technologies in NSS 3.4

You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.

Roadmap
Projects
Coding
Testing
Tools
- Bugzilla
- Tinderbox
- Bonsai
- LXR
FAQs

Encryption Technologies Available in NSS 3.4

Newsgroup: mozilla.dev.tech.crypto

The Network Security Services (NSS) 3.4 CCATS number is G023895, received on Jan. 18, 2002.

Note: Some technologies listed here are not currently implemented, but are planned for implementation in an upcoming release.

Key Agreement Reference Value End Use

RSA Key Agreement (using PKCS #1) unlimited Key agreement

Diffie-Hellman Key Agreement (using PKCS #3) <= 4096-bit modulus/Future Key agreement

Elliptic Curve Cryptography Key Agreement N/A (future) Key agreement

SSL2 Algorithm Reference Key Strength End Use

SSL2-RC4-128-with-MD5 128 Bulk data encryption

SSL2-RC2-128-CBC-with-MD5 128 Bulk data encryption

SSL2-DES-168-EDE3-CBC-with-MD5 168 Bulk data encryption

SSL2-DES-56-CBC-with-MD5 56 Bulk data encryption

SSL2-RC4-128-EXPORT40-with-MD5 40 Bulk data encryption

SSL2-RC2-128-CBC-EXPORT40-with-MD5 40 Bulk data encryption

SSL3 Algorithm Reference Key Strength End Use

SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA 80 Bulk data encryption

SSL3-FORTEZZA-DMS-with-RC4-128-SHA 128 Bulk data encryption

SSL3-RSA-with-RC4-128-MD5 128 Bulk data encryption

SSL3-RSA-with-3DES-EDE-CBC-SHA 168 Bulk data encryption

SSL3-RSA-with-DES-CBC-SHA 56 Bulk data encryption

SSL3-RSA-with-RC4-40-MD5 40 Bulk data encryption

SSL3-RSA-with-RC2-CBC-40-MD5 40 Bulk data encryption

SSL3-FORTEZZA-DMS-with-null-SHA 0 Bulk data encryption

SSL3-RSA-with-null-MD5 0 Bulk data encryption

SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA 168 Bulk data encryption

SSL3-RSA-FIPS-with-DES-CBC-SHA 56 Bulk data encryption

SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only) 168 Bulk data encryption

SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only) 168 Bulk data encryption

SSL3-DHE-RSA-with-DES-CBC-SHA (client side only) 56 Bulk data encryption

SSL3-DHE-DSS-with-DES-CBC-SHA (client side only) 56 Bulk data encryption

TLS Algorithm Reference Key Strength End Use

TLS-RSA-1024-with-RC4-56-SHA 56 Bulk data encryption

TLS-RSA-1024-with-DES-CBC-SHA 56 Bulk data encryption

TLS-RSA-with-RC4-128-MD5 128 Bulk data encryption

SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA 128 Bulk data encryption

TLS-RSA-with-3DES-EDE-CBC-SHA 168 Bulk data encryption

TLS-RSA-with-DES-CBC-SHA 56 Bulk data encryption

TLS-RSA-with-AES-256-CBC-SHA 256 Bulk data encryption

TLS-RSA-with-AES-128-CBC-SHA 128 Bulk data encryption

TLS-RSA-with-RC4-40-MD5 40 Bulk data encryption

TLS-RSA-with-RC2-CBC-40-MD5 40 Bulk data encryption

TLS-RSA-with-null-MD5 0 Bulk data encryption

TLS-DHE-RSA-with-AES-256-CBC-SHA (client side only) 256 Bulk data encryption

TLS-DHE-RSA-with-AES-128-CBC-SHA (client side only) 128 Bulk data encryption

TLS-DHE-DSS-with-AES-256-CBC-SHA (client side only) 256 Bulk data encryption

TLS-DHE-DSS-with-AES-128-CBC-SHA (client side only) 128 Bulk data encryption

TLS-DHE-DSS-with-RC4-128-SHA (client side only) 128 Bulk data encryption

S/MIME Algorithm Reference Key Strength End Use

S/MIME-DES-EDE3 168 Bulk data encryption

S/MIME-RC2-CBC-128 128 Bulk data encryption

S/MIME-DES-CBC 56 Bulk data encryption

S/MIME-RC2-CBC-64 64 Bulk data encryption

S/MIME-RC2-CBC-40 40 Bulk data encryption

PKCS #5 Algorithm Reference Key Strength End Use

PKCS5-RC2-40 40 Private key material encryption for internal storage

PKCS5-RC2-128 128 Private key material encryption for internal storage

PKCS5-RC4-128 128 Private key material encryption for internal storage

PKCS5-DES-56 56 Private key material encryption for internal storage

PKCS5-DES-EDE3 168 Private key material encryption for internal storage

PKCS #12 Algorithm Reference Key Strength End Use

PKCS12-RC2-40 40 Key portability/Backup

PKCS12-RC2-128 128 Key portability/Backup

PKCS12-RC4-56 56 Key portability/Backup

PKCS12-RC4-128 128 Key portability/Backup

PKCS12-DES-56 56 Key portability/Backup

PKCS12-DES-EDE3 168 Key portability/Backup

PKCS12-NULL 0 Key portability/Backup

Other Characteristics/Technologies Modulus/Key Strength End-Use

PKCS #5/Wallet See PKCS #5 above Storage of wallet info in private key database

PKCS #7 See S/MIME above Digital signatures

PKCS #8 Used with PKCS #5 (see above) and PKCS #12 Storage and encryption of keys in key database and .p12 files

PKCS #11, with restricted algorithms ------------------------------ Smart cards and hardware acceleration

SSL-JAVA API (layer on top of existing SSLsupport) Same as existing SSL and TLS lists Translates SSL and TLS capabilities into Java

Object Signing Application ----------------------------- Standard for network code security and incorporated digital signing only

AES 128/192/256 Bulk data encryption

Key Agreement Reference	Value	End Use
RSA Key Agreement (using PKCS #1)	unlimited	Key agreement
Diffie-Hellman Key Agreement (using PKCS #3)	<= 4096-bit modulus/Future	Key agreement
Elliptic Curve Cryptography Key Agreement	N/A (future)	Key agreement

SSL2 Algorithm Reference	Key Strength	End Use
SSL2-RC4-128-with-MD5	128	Bulk data encryption
SSL2-RC2-128-CBC-with-MD5	128	Bulk data encryption
SSL2-DES-168-EDE3-CBC-with-MD5	168	Bulk data encryption
SSL2-DES-56-CBC-with-MD5	56	Bulk data encryption
SSL2-RC4-128-EXPORT40-with-MD5	40	Bulk data encryption
SSL2-RC2-128-CBC-EXPORT40-with-MD5	40	Bulk data encryption

SSL3 Algorithm Reference	Key Strength	End Use
SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA	80	Bulk data encryption
SSL3-FORTEZZA-DMS-with-RC4-128-SHA	128	Bulk data encryption
SSL3-RSA-with-RC4-128-MD5	128	Bulk data encryption
SSL3-RSA-with-3DES-EDE-CBC-SHA	168	Bulk data encryption
SSL3-RSA-with-DES-CBC-SHA	56	Bulk data encryption
SSL3-RSA-with-RC4-40-MD5	40	Bulk data encryption
SSL3-RSA-with-RC2-CBC-40-MD5	40	Bulk data encryption
SSL3-FORTEZZA-DMS-with-null-SHA	0	Bulk data encryption
SSL3-RSA-with-null-MD5	0	Bulk data encryption
SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA	168	Bulk data encryption
SSL3-RSA-FIPS-with-DES-CBC-SHA	56	Bulk data encryption
SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only)	168	Bulk data encryption
SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only)	168	Bulk data encryption
SSL3-DHE-RSA-with-DES-CBC-SHA (client side only)	56	Bulk data encryption
SSL3-DHE-DSS-with-DES-CBC-SHA (client side only)	56	Bulk data encryption

TLS Algorithm Reference	Key Strength	End Use
TLS-RSA-1024-with-RC4-56-SHA	56	Bulk data encryption
TLS-RSA-1024-with-DES-CBC-SHA	56	Bulk data encryption
TLS-RSA-with-RC4-128-MD5	128	Bulk data encryption
SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA	128	Bulk data encryption
TLS-RSA-with-3DES-EDE-CBC-SHA	168	Bulk data encryption
TLS-RSA-with-DES-CBC-SHA	56	Bulk data encryption
TLS-RSA-with-AES-256-CBC-SHA	256	Bulk data encryption
TLS-RSA-with-AES-128-CBC-SHA	128	Bulk data encryption
TLS-RSA-with-RC4-40-MD5	40	Bulk data encryption
TLS-RSA-with-RC2-CBC-40-MD5	40	Bulk data encryption
TLS-RSA-with-null-MD5	0	Bulk data encryption
TLS-DHE-RSA-with-AES-256-CBC-SHA (client side only)	256	Bulk data encryption
TLS-DHE-RSA-with-AES-128-CBC-SHA (client side only)	128	Bulk data encryption
TLS-DHE-DSS-with-AES-256-CBC-SHA (client side only)	256	Bulk data encryption
TLS-DHE-DSS-with-AES-128-CBC-SHA (client side only)	128	Bulk data encryption
TLS-DHE-DSS-with-RC4-128-SHA (client side only)	128	Bulk data encryption

S/MIME Algorithm Reference	Key Strength	End Use
S/MIME-DES-EDE3	168	Bulk data encryption
S/MIME-RC2-CBC-128	128	Bulk data encryption
S/MIME-DES-CBC	56	Bulk data encryption
S/MIME-RC2-CBC-64	64	Bulk data encryption
S/MIME-RC2-CBC-40	40	Bulk data encryption

PKCS #5 Algorithm Reference	Key Strength	End Use
PKCS5-RC2-40	40	Private key material encryption for internal storage
PKCS5-RC2-128	128	Private key material encryption for internal storage
PKCS5-RC4-128	128	Private key material encryption for internal storage
PKCS5-DES-56	56	Private key material encryption for internal storage
PKCS5-DES-EDE3	168	Private key material encryption for internal storage

PKCS #12 Algorithm Reference	Key Strength	End Use
PKCS12-RC2-40	40	Key portability/Backup
PKCS12-RC2-128	128	Key portability/Backup
PKCS12-RC4-56	56	Key portability/Backup
PKCS12-RC4-128	128	Key portability/Backup
PKCS12-DES-56	56	Key portability/Backup
PKCS12-DES-EDE3	168	Key portability/Backup
PKCS12-NULL	0	Key portability/Backup

Other Characteristics/Technologies	Modulus/Key Strength	End-Use
PKCS #5/Wallet	See PKCS #5 above	Storage of wallet info in private key database
PKCS #7	See S/MIME above	Digital signatures
PKCS #8	Used with PKCS #5 (see above) and PKCS #12	Storage and encryption of keys in key database and .p12 files
PKCS #11, with restricted algorithms	------------------------------	Smart cards and hardware acceleration
SSL-JAVA API (layer on top of existing SSLsupport)	Same as existing SSL and TLS lists	Translates SSL and TLS capabilities into Java
Object Signing Application	-----------------------------	Standard for network code security and incorporated digital signing only
AES	128/192/256	Bulk data encryption

Mozilla

Encryption Technologies Available in NSS 3.4