Thanks Robert. I will follow your suggestion and iterate over the list and use the context to filter out cert before comparing the SPKIs. -- Subrata
Robert Relyea wrote: > Subrata Mazumdar wrote: >> Hi, >> is there any way I can find the certificate associated with a public >> key using >> the SubjectPublicKeyInfo (CERTSubjectPublicKeyInfo)? >> >> I am looking for public API and not too low level. >> I looked in the .../nss/certdb/cert.h and >> .../nss/pk11wrap/pk11pub.h files - couldn't find anything appropriate. >> >> Also, is there anyway I can find the private key using info in >> SubjectPublicKeyInfo if the related private key exists in the key DB? >> If I can find the private key then I can use >> PK11_GetCertFromPrivateKey() method to find the related cert. >> > > Sigh, Certificates are indexed by public key (which is what's in a > SPKI structure), at least not directly. > > Private Keys have a potential index (the CKA_ID value is often a hash > of a unique compenent of the public key), but that's not guarrenteed. > > Probably the best what is to use PK11_TraverseSlotCerts and compare > the cert's SPKI with your SPKI. Not really the best way if you need to > do this a lot. > > You could also use PK11_ListCerts, looking for just the user certs, > which should give you a smaller list than PK11_TraverseSlotCerts. > > > bob > >> Thanks. >> -- >> Subrata >> _______________________________________________ >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto >> > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
