Bill Price wrote:
> Can someone post (or reference) sample code showing how to use JSS to create
> a PKCS #12 for a RSA key and certs held in the internal token? I am having
> trouble getting the private key into a keybag, safecontents, and
> authenticated safes. I have seen the example of creating a PFX on
> lxr.mozilla... but it takes the private key from another P12 rather than the
> internal token and doesn't seem helpful. I've also seen previous messages
> where there appears to be some problem with salt size and default algorithm.
> I'd be happy if the result P12 can be consumed by the JCE (and keytool),
> Firefox or IE; don't care about OpenSSL for the moment. Thanks.

The third post in this thread has a sample class to export a key and cert to a PKCS12 file. I started with this code when I had to create PKCS12s with JSS. I am the one that posted recently about some issues, but the code as it is there should produce PKCS12 files that are compatible with most toolkits.

Thread:
http://groups.google.com/group/netscape.public.mozilla.crypto/browse_thread/thread/42701df02911c90/661c2362de8e74f2?lnk=gst&q=p12+jss#661c2362de8e74f2

Direct link to file:
http://groups.google.com/group/netscape.public.mozilla.crypto/attach/661c2362de8e74f2/p12.java?part=2

FYI, the inner class "Test" and its method makeKeyID can be replaced with a static call to SafeBag.getLocalKeyIDFromCert(). The custom CharToByteConverter is, however, necessary and will introduce deprecation warnings into your code.

Also, towards the end where it's generating salt bytes:

    byte[] salt = new byte[8];
    SecureRandom rng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
    rng.nextBytes(salt);

I'm pretty sure you can remove that, as the poster passed null into the following calls to authSafe.addEncryptedSafeContents and pfx.computeMacData, where the javadoc says they create the salt internally, so it's an unused variable.

Dave
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto