David Stutzman wrote:
> Alexander Klink wrote:
>> Well, but the private key that has been created has to be recorded
>> somewhere, right? Is there a way to list those at least?
>
> $ certutil -K -d .
> Enter Password or Pin for "NSS Certificate DB":
> <0>
> <1>
> <2>
> <3>

That useless output is the subject of bug 291384. With my patch for
bug 291384 in place, the output looks like this:

< 0> rsa a55fc1ce4fed0b5cb53f68b21285b97a741d9563 Nelson's VeriSign ID
< 1> rsa 17b85d343c492aec5b37f9d8589a9281a30302ae Nelson's VeriSign ID #2
< 2> rsa 837ff1744ee78d6788bc7de9fb89f3515cc05dd7 Nelson's Comodo cert

The long hex string is the private key's KeyID in hex, and is present
(or should be) even if there is no "friendly name". It will be possible
to delete orphaned private keys with that value.

> If the key has an accompanying cert, I believe it will list the
> "nickname" of the cert next to the key # (as none of mine here do).

I'm not certain, but I think that the fix for bug 353714 also fixes the
problem where keys never seem to have nicknames. It's not in any release
yet. I'd be interested in knowing if you still see that problem with a
tip-of-trunk build.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto