Dave Townsend wrote, On 2008-05-28 12:41:
> Nelson B Bolyard wrote:
>> Dave Townsend wrote, On 2008-05-28 10:46:
>>> I am writing code that exports and imports private keys from the
>>> internal key slot (using an EncryptedPrivateKeyInfo structure). I have
>>> the export working, the files written out seem to be readable by openssl
>>> so I think that side is fine.
>>>
>>> The problem comes on import. If the key slot already contains the same
>>> private key that is being imported then
>>> PK11_ImportDERPrivateKeyInfoAndReturnKey returns a failure. The failure
>>> is a generic SECFailure so I cannot tell if it failed because the key
>>> already existed or if the data itself was faulty in some way. In
>>> addition some properties of the key that already exists are changed by
>>> the import (the nickname f.e.).
>> Did you check the error code by calling PORT_GetError or PR_GetError?
>> What error code did you get?
>
> Ah no I did not. That is coming out as -8190, SEC_ERROR_BAD_DATA, which
> seems strange. The data definitely seems correct as the import works
> fine when the key is not there.

Hmm. Appears to me that attempting to import a private key that is
already imported should just work. It should report that it succeeded
and return a handle on the existing private key, rather than creating
a duplicate. But your report suggests that may not be working as intended.

Got a simple test case?
What version of NSS are you using?
(Maybe it's a regression in NSS 3.12.x)

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto