On 6/14/06, Anthony Lieuallen <[EMAIL PROTECTED]> wrote:
> The documentation for the certutil tool [1] refers to a "u" value for
> the -t argument which it says means "Certificate can be used for
> authentication or signing".

It seems that the certutil man page should be improved to document
the "u" trust attribute as "user cert: the private key associated with
the certificate exists and can be used for authentication, signing, or
decryption."

> But, no matter how I import a certificate, I can't get "signtool -l" to
> list that as one that I can sign things with.  It will list a testing
> cert made with "signtool -G" and then "certutil -L" says "u,u,Cu" for
> that testing cert, but the same permission on import of a real cert
> produces "G,,C".

Is "G" a valid trust attribute?  It's not documented in the certutil man page
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1034193.

> So.  Is there something special about certs that can be used to sign
> objects?

I hope you're using "certs" as an informal shorthand for "certs or the
associated private keys".  It's the private keys that can be used to sign
objects.

AYR