Hi all,

I have a password protected PK12 file that I need to get a key out of & keep it for the duration of the session only. All the examples that I have been able to find in Mozilla code do the following sequence to get out the key:

    CERTCertList *certlist;
    CERTCertListNode *head;
    SECKEYPrivateKey *privkey;
    SECKEYPublicKey *pubkey;

    SEC_PKCS12DecoderImportBags(p12ctx);
    certlist = SEC_PKCS12DecoderGetCerts(p12ctx);

    // extract public/private keys from the first certificate
    for (head = CERT_LIST_HEAD(certlist);
         !CERT_LIST_END(head, certlist);
         head = CERT_LIST_NEXT(head)) {
        /* only works because ImportBags has already put the key into the slot */
        privkey = PK11_FindKeyByAnyCert(head->cert, NULL);
        pubkey = CERT_ExtractPublicKey(head->cert);
    }

Unfortunately, this imports the key into the NSS DB, which I need to keep UNpassworded; thus, as soon as the key makes it into an unprotected DB, my private key is compromised.

It looks like I can get a CERTCertificate out without import:

    SECKEYPublicKey *pubkey;
    SECKEYPrivateKey *privkey;
    CERTCertificate *cert;
    const SEC_PKCS12DecoderItem *dip;
    SECStatus rv;

    /* walk the decoded bags without importing anything into the slot */
    rv = SEC_PKCS12DecoderIterateInit(p12ctx);
    while (SEC_PKCS12DecoderIterateNext(p12ctx, &dip) == SECSuccess) {
        /* dip->der is the DER of the bag contents; for a cert bag it is the certificate */
        cert = CERT_DecodeDERCertificate(dip->der, PR_FALSE, NULL); /* or CERT_NewTempCertificate */
    }

but unfortunately, I haven't found a way to get the private key out of the cert without import.

Is there a way in NSS to do import into an in-memory structure only (without persisting to the default DB)? Could anyone suggest what the best solution would be here?

Thanks very much,
Greg S.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto