Personal Security Manager (PSM)

Newsgroup: mozilla.dev.tech.crypto

Technical contacts: Kai Engert, Wan-Teh Chang, Bob Relyea

Manager: Bob Lord

Personal Security Manager (PSM) consists of a set of libraries that perform cryptographic operations on behalf of a client application. These operations include setting up an SSL connection, object signing and signature verification, certificate management (including issuance and revocation), and other common PKI functions.

PSM 2.3

PSM 2.3 implements S/MIME. For details, see Guide to Using S/MIME.

PSM 2.1

Improvements in PSM 2.1 include:

  • many bug fixes
  • better support for MIME types required to load CRLs
  • new Reset Master Password button in the preferences panel for Master Passwords
  • support for a null master password
  • many minor UI improvements

For an indication of the major areas where UI details have changed, see PSM 2.1 & Privacy Help: Status and Work in Progress.

PSM 2.0

PSM 2.0 provides an in-process SSL implementation that is fully integrated with Mozilla and Netscape 6.1. The following documents describe PSM 2.0:

  • What's New in Crypto for Netscape 6.1. An informal survey of new features in PSM 2.0 compared with Communicator 4.x and Netscape 6.0.
  • PSM 2.0 Roadmap: A Technical View summarizes where we're going technically with different flavors of PSM and how the PSM 2.0 XPCOM shared libraries are organized.
  • Build Instructions for PSM gives detailed instructions on how to enable PSM 2.0 in your Mozilla build. PSM 2.0 is now built with the daily Windows, Macintosh, and Linux Mozilla builds.

Documentation

Initial PSM 2.0 planning:

  • PSM 2.0 Plan describes the initial goals, features, user interface, and preliminary schedule for PSM 2.0.
  • PSM 2.0 Task List provides a breakdown of tasks and dependencies for the early stages of development.
  • PSM 2.0 UI describes initial plans for PSM 2.0 UI, including links to XUL mockups.

Help and help buttons:

Background and previous versions:

Personal Security Manager is built on top of NSS, which is built on top of Netscape Portable Runtime (NSPR). Applications built with PSM do not need to call NSPR, whereas applications built with NSS must make such calls.

PSM performs all security operations on behalf of one or more applications. Developers can access the cryptographic features of PSM by calling PSM libraries.

Standards Support

Cryptographic operations supported by Personal Security Manager on behalf of Mozilla, Netscape 6, Netscape Communicator 4.7, and other client applications include:

  • SSL v2 and v3. SSL authentication, encryption, and tamper detection.
  • TLS. IETF version of SSL.
  • S/MIME (not yet integrated into Mozilla). Signed and encrypted email (using separate signing and encryption keys if desired).
  • PKCS #5. Encryption for private key storage.
  • PKCS #7. Signing operations.
  • PKCS #11. Communication with PKCS #11 modules and associated cryptographic tokens (such as smart cards).
  • PKCS #12. Export and import of certificates and associated private keys.
  • CRMF/CMMF. Communication with a certificate authority (CA).
  • OCSP. Real-time confirmation of certificate validity.

For detailed information about the cryptographic algorithms available in PSM (current and planned), see Encryption Technologies Available in Netscape 6.x, Personal Security Manager, and the iPlanet Servers.

If you are running a version of PSM, you can confirm the version number and algorithms supported by visiting this URL: http://gemal.dk/browserspy/psm.html.

Mozilla CVS Information

PSM 1.x

PSM 1.x is checked into mozilla/security/psm/. The directories are lib/, server/, ui/, and doc/.

coreconf is checked into the root of mozilla/security/.

coreconf/location.mk and coreconf/source.mk find dist in $(COREDEPTH)/../dist rather than $(COREDEPTH)/dist.

PSM 2.0

PSM 2.0 is checked in under mozilla/security/manager/.

Netscape 6 Integration

PSM 2.0 is fully open source and ships with Netscape 6.1.

Ongoing builds of Personal Security Manager based on fully open source NSS 3.1 (and later versions) are now integrated into Mozilla daily builds.