Hi,
Is it possible to import the PKCS#8 file for private key together with
the related X.509 cert file using PK11_ImportEncryptedPrivateKeyInfo()?
I have tried and was not successful.
The PKCS#8 file was created using the
PK11_ExportEncryptedPrivateKeyInfo(). The PKCS#8 file is valid one - I
tested it with OpenSSL.
Here is the code fragment that I have used :
CERTCertificate* keyCert = ....;
SECItem* publicValue = NULL;
SECKEYPublicKey* pubKey = CERT_ExtractPublicKey(keyCert);
KeyType keyType = pubKey->keyType;
publicValue = CERT_getPublicValueAndType(pubKey, &keyType); //
My code
unsigned int keyUsage = keyCert->keyUsage;
SECItem pkcs8Pw; // Initialized with uuencoded password
SECKEYEncryptedPrivateKeyInfo* encPrivateKeyInfo = NULL;
//initialized with PKCS#8 data
PRBool isPerm = PR_TRUE;
PRBool isPrivate = PR_TRUE;
PK11SlotInfo* slot = PK11_GetInternalSlot();
srv = PK11_ImportEncryptedPrivateKeyInfo(
slot,
encPrivateKeyInfo, &pkcs8Pw,
&nicknameItem,
publicValue,
isPerm, isPrivate,
keyType, keyUsage,
NULL // I made sure that I am already
authenticated to the token
);
Thanks.
--
Subrata
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
