Paul "suckerformimi" wrote:
> It took us an immense amount of effort and a couple of favors before we
> managed to sign our code. Some bugs in the NSS tools meant NSS couldn't
> understand our pvk and spc files. We only got to the end because
> Firefox support was a huge priority for us.

I wouldn't say NSS has any bugs with respect to .pvk files or .spc files.
NSS simply doesn't support the old proprietary pvk file format, & never has.

Microsoft barely supports it any more, also. The Windows 2000 and Windows XP
certificate export wizards do not support the .pvk files. (So says
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/devguidesp/html/sp_wce51conotherenrollmentoptionsupportozup.asp)

In order to be able to "import" pvk files into the Windows cert and key
store on a WinXP or Win2003 system, one must download a special "pvkimprt"
program from a MS web site. For more info, see
http://www.microsoft.com/downloads/details.aspx?FamilyID=f9992c94-b129-46bc-b240-414bdff679a7&DisplayLang=en

pvk files use an old proprietary format (that various parties claim belongs
to Microsoft, Verisign, and/or Thawte.) It was superseded by PKCS#12 file
format (a.k.a. .p12 or .pfx files) about 10 years ago (!). Microsoft and
Netscape and RSA Security (and others) worked together to come up with an
open standard that they could all use, and .p12/.pfx files have been
supported by Windows and Netscape (and now Mozilla) products ever since.
Jim Spring (recently seen in this newsgroup) implemented it for Netscape
back in 1996 or 1997, IIRC.

So the real mystery is why, in the year 2006, some software that does
"certificate enrollment" for code signing certs is still using the
obsolete and proprietary .pvk file format.

I'd really like to know what software was used to obtain the pvk file that
Paul "suckerformimi" obtained. (Paul wrote me that these files were
obtained by someone else at his company, and given to him, so he does not
know what software was used to obtain them.) IMO, that software should be
replaced with software that uses .p12 files, ASAP.

--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto