Biswatosh wrote:
As a sequel to the earlier mail about the way to extract information from a Cert Req file, I have this to discuss. As I understand, CertReq is a PKCS 10 structure and so the min. members would be 1) Name and 2) SubjectPublicKeyInfo, at least. Now, do we need to identify an orphan key in key.db on the basis of one of these? I mean, in the case when we want to delete an orphan key (in an enhancement of the present certutil). But, suppose we start with pub key, do we match all components? I mean the modulus, the exponent and all? With name, it need not be unique. As I mentioned earlier, searching based on CKA_ID is possible and my patch will list the keys based on CKA_IDs and then identify and delete them. But, here we are talking of CertReq. We need that, is it not?
Thanks,
Biswatosh
First, thanks for taking on filling this hole. If you create a bug in bugzilla, it should be possible to get your patch reviewed and incorporated into NSS.
Next, on to your question: CKA_ID is technically a freeform field in the PKCS #11 spec. The only requirement is that the CKA_ID of a key match the CKA_ID of the corresponding certificate. NSS, however, needs to identify that a particular certificate matches with a newly created key, so when NSS creates the key it always sets it to a value derived from the public key. The function PK11_MakeIDFromPubKey() will give you the CKA_ID value you need.
bob
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
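An added illustration of the reply above, not code from the thread or from NSS: a stand-alone Python sketch that pulls the RSA modulus out of a PKCS #10 request's SubjectPublicKeyInfo and derives a key identifier from it, showing that the identifier depends on the key and not on the subject Name. It assumes an RSA key and assumes the identifier is the SHA-1 digest of the modulus without its DER sign octet (the mail says only that the value is derived from the public key); real code should call PK11_MakeIDFromPubKey(). The helper names, the sample requests and the moduli are constructed for the example.

```python
import hashlib
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    k = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | k]) + n.to_bytes(k, "big") + body

def children(buf):
    """Split the content of a constructed DER value into (tag, body) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                              # long-form length
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def key_id_from_csr(der):
    """Assumed ID derivation: SHA-1 over the RSA modulus in the request's SPKI."""
    (_, req), = children(der)                     # CertificationRequest
    info = children(req)[0][1]                    # certificationRequestInfo
    spki = children(info)[2][1]                   # version, subject, subjectPKInfo
    alg, (tag, bits) = children(spki)
    if tag != 0x03 or children(alg[1])[0][1] != RSA_OID:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    (_, rsa_key), = children(bits[1:])            # skip the unused-bits octet
    modulus = children(rsa_key)[0][1].lstrip(b"\x00")   # drop the DER sign octet
    return hashlib.sha1(modulus).hexdigest()

def sample_csr(common_name, modulus):
    """Constructed test input: PKCS #10 skeleton with a dummy, invalid signature."""
    integer = lambda v: tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, common_name.encode()))))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    key = tlv(0x03, b"\x00" + tlv(0x30, integer(modulus) + integer(65537)))
    info = tlv(0x30, integer(0) + name + tlv(0x30, alg + key) + tlv(0xA0, b""))
    return tlv(0x30, info + alg + tlv(0x03, b"\x00" * 9))

MOD_A, MOD_B = (1 << 1023) + 12345, (1 << 1023) + 67891  # constructed, not real RSA moduli

if __name__ == "__main__":
    print([key_id_from_csr(sample_csr(cn, n)) for cn, n in (("alice", MOD_A), ("bob", MOD_A), ("alice", MOD_B))])
```

Two requests that carry the same key under different names yield the same identifier, so a lookup by that value does not need the Name and does not need a field-by-field comparison of modulus and exponent.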