I am developing a Thunderbird extension that runs mostly in JavaScript. I want to use several functions from Mozilla NSS ( Network Security Services ) in JavaScript. Thunderbird has one JavaScript shell called WeaveCrypto.js that I am currently using. The problem with WeaveCrypto is its age (AES-256-CBC may have been pretty good in 2010, but today it is no longer recommended, for example, via this . SHA1 is also not really recommended, since prf-Algorithm in PBKDF2 is larger .) and hard-coded values ββsuch as iterations, algorithms, and key lengths.
JavaScript Crypto is already in the Archive of Outdated Content, and DOMCrypt is only available in Firefox.
I am currently chatting with Justin Dolske, a WeaveCrypto developer . His current approach is that I can unlock WeaveCrypto , and if I add only the identifiers of the algorithms and change only small pieces of logic (for example, hard-coded values ββfor replaceable ones), they will most likely add my forked version to Thunderbird.
I will do this if necessary, but it seems a little strange to me that the huge NSS library is not fully accessible and accessible in JavaScript without additional effort, although all the logic of the Firefox and Thunderbird extensions are written in this exact language (or did I miss something?).
Any ideas appreciated :)
source
share