E_NSS is an OpenSSL "loadable cryptographic module" (engine) that uses keys and certificates stored in a Mozilla "Network Security Services" (NSS) database.

NSS is used in a variety of products, including the following:

  • Mozilla-based products, like Firefox, SeaMonkey, Thunderbird, etc.
  • Office software suites (word processing, spreadsheets, etc.), like OpenOffice and LibreOffice
  • Instant messaging, like Pidgin
  • Various directory servers


21 Mar 2021 : Released e_nss 3.1
  • compatibility with OpenSSL
    Encapsulate the store loader into its own source file.
    Avoid use of functions deprecated in 3.0 that have a changed synopsis.
  • cleanup defines used only once

24 Jan 2021 : Released e_nss 3.0
  • compatibility with OpenSSL
    Prepare the code base for the new model for loadable modules: move key-related code into its own source files.
  • compatibility with NSS
    Ensure a test environment that allows deprecated digests like md5 to be tested.

15 Feb 2020 : Released e_nss 2.1
  • compatibility with OpenSSL
    Work-around for some methods deprecated in OpenSSL 3.0.

20 Aug 2016 : Released e_nss 2.0
  • OpenSSL STORE functionality
    This version implements the upcoming OpenSSL (1.1.1) STORE functionality. The scheme prefix used is "nss:". Existing engine commands are available with the corresponding store URI:
    • nss:list=all
    • nss:list=ca
    • nss:list=user
      List "nicknames" of all, CA, or user certificates stored in NSS database.
    • nss:cert=nickname
      Extract the X.509 certificate for the given "nickname".
    • nss:key=nickname
      Extract the key for the given "nickname".
    • nss:nickname
      Extract the key and X.509 certificate for the given "nickname".
  • RSA OAEP padding
    Support OAEP padding for RSA keys (requires NSS 3.16.2 or newer)
  • build and tests fixes

16 Dec 2016 : Released e_nss 1.1
  • dynamic allocation of user interface prompt
    The engine uses the default application UI (user interface) method as the password prompt when the NSS database requests password authentication.
  • suppress harmless warnings with legacy OpenSSL versions

8 Sep 2016 : Released e_nss 1.0.1
  • restore build for OpenSSL 0.9.7*

27 Aug 2016 : Released e_nss 1.0
  • Support OpenSSL 1.1
    The code is updated to use the OpenSSL 1.1 API, with a backport of the functions used if the build is with previous OpenSSL versions.
    Note that the name of the cryptographic module has changed to "e_nss", i.e. without the "lib" prefix. You must specify the path to the engine directory with the configure option "--with-enginesdir".

17 Jan 2016 : Released e_nss 0.6
  • EC_KEY method for upcoming OpenSSL 1.1
  • work in FIPS-enabled mode (either OpenSSL or NSS module)
  • partial implementation of rsa_priv_enc - if input is X.509 signature

6 Jun 2015 : Released e_nss 0.5
  • support EC keys
  • late NSS db initialization

6 Sep 2013 : Released e_nss 0.4.2
  • improve engine setup by openssl config file
  • fix GCC pedantic warnings

25 Jan 2013 : Released e_nss 0.4.1
  • support openssl 0.9.7 - 1.0.1
  • automake 1.13 ready

12 Jan 2012 : Released e_nss 0.4
  • support openssl 0.9.7 - 1.0.1(beta)
  • build on various Linux distributions
  • OpenSSL<->NSS sign/verify test

8 Oct 2011 : Released e_nss 0.3
  • two new internal commands

    E_NSS_CMD_LOAD_CERT - Return certificate found by specified nickname
    E_NSS_CMD_EVP_CERT - Return certificate for specified EVP KEY

    Applications should use those commands to get the X.509 certificate encoded in DER format.

  • own output of certificate distinguished name

    The NSS library cuts long names of distinguished name attributes. The cut is based on position and breaks the display of a UTF-8 encoded attribute if the position is inside a multibyte sequence.
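
    The truncation problem described above, shown as an added example that is not e_nss or NSS code: a cut by byte position can leave half a character at the end of an attribute, while a boundary-aware cut backs up to the start of the split character. All function names and the sample DN are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: "CN=" followed by four 2-byte Cyrillic letters (11 bytes). */
static const char SAMPLE_DN[] = "CN=\xD0\x98\xD0\xB2\xD0\xB0\xD0\xBD";

/* UTF-8 continuation bytes have the bit pattern 10xxxxxx. */
static int is_continuation(unsigned char c) { return (c & 0xC0) == 0x80; }

/* Cut by byte position only (hypothetical helper). dst needs max+1 bytes. */
size_t cut_by_position(const char *src, size_t max, char *dst) {
    size_t n = strlen(src);
    if (n > max) n = max;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Cut at or before max, never inside a multibyte sequence (assumes valid UTF-8). */
size_t cut_on_utf8_boundary(const char *src, size_t max, char *dst) {
    size_t n = strlen(src);
    if (n > max) {
        n = max;
        /* src[n] is the first dropped byte; a continuation byte means a split character. */
        while (n > 0 && is_continuation((unsigned char)src[n])) n--;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Returns 1 if s does not end in the middle of a multibyte sequence. */
int utf8_tail_complete(const char *s) {
    size_t n = strlen(s), i = n;
    while (i > 0 && is_continuation((unsigned char)s[i - 1])) i--;
    if (i == 0) return n == 0; /* empty string, or continuation bytes with no lead */
    unsigned char lead = (unsigned char)s[i - 1];
    size_t need = lead < 0x80 ? 1 : (lead >> 5) == 0x06 ? 2
                : (lead >> 4) == 0x0E ? 3 : (lead >> 3) == 0x1E ? 4 : 0;
    return need == n - (i - 1);
}

int main(void) {
    char a[16], b[16];
    printf("by position: %zu bytes\n", cut_by_position(SAMPLE_DN, 6, a));
    printf("on boundary: %zu bytes\n", cut_on_utf8_boundary(SAMPLE_DN, 6, b));
    printf("tails complete: %d %d\n", utf8_tail_complete(a), utf8_tail_complete(b));
    return 0;
}
```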

Last modified : Sunday March 21, 2021