Thanks. That appears to have helped/worked. I was close (but this is not horseshoes). I don't understand why I had to implement the PWConverter Class rather than use the PasswordConverter class. I also had to change the algorithm for the encrypted safe contents from the default algorithm to the PBEwSHA1-1&DES3-CBC. Mozilla won't accept the p12 but MS will.
Thanks again.

"David Stutzman" <dstutzman*at*dsci.com> wrote in message news:[EMAIL PROTECTED]
> Bill Price wrote:
>> Can someone post (or reference) sample code showing how to use JSS to
>> create a PKCS #12 for a RSA key and certs held in the internal token? I
>> am having trouble getting the private key into a keybag, safecontents,
>> and authenticated safes. I have seen the example of creating a PFX on
>> lxr.mozilla... but it takes the private key from another P12 rather than
>> the internal token and doesn't seem helpful. I've also seen previous
>> messages where there appears to be some problem with salt size and
>> default algorithm. I'd be happy if the result P12 can be consumed by the
>> JCE (and keytool), Firefox or IE; don't care about OpenSSL for the
>> moment. Thanks.
>
> The third post in this thread has a sample class to export a key and cert
> to a PKCS12 file. I started with this code when I had to create PKCS12s
> with JSS. I am the one that posted recently about some issues, but the
> code as it is there should produce PKCS12 files that are compatible with
> most toolkits.
>
> Thread:
> http://groups.google.com/group/netscape.public.mozilla.crypto/browse_thread/thread/42701df02911c90/661c2362de8e74f2?lnk=gst&q=p12+jss#661c2362de8e74f2
> Direct link to file:
> http://groups.google.com/group/netscape.public.mozilla.crypto/attach/661c2362de8e74f2/p12.java?part=2
>
> FYI, The inner class "Test" and its method makeKeyID can be replaced with
> a static call to SafeBag.getLocalKeyIDFromCert().
> The custom CharToByteConverter is, however, necessary and will introduce
> deprecation warnings into your code.
>
> Also, towards the end where it's generating salt bytes:
> byte[] salt = new byte[8];
> SecureRandom rng = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
> rng.nextBytes(salt);
> I'm pretty sure you can remove that as the poster passed null into the
> following calls to authSafe.addEncryptedSafeContents and
> pfx.computeMacData where the javadoc says they create the salt internally
> so it's an unused variable.
>
> Dave
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto