On 19 sep, 18:14, Kaspar Brand <[EMAIL PROTECTED]> wrote: > > Using NSS PKCS12 API, is there any way to generate a p12 file that > > includes just the personal certificate and the key I want, keeping > > the intermediate and root CAs for that cert away of the file? > > Yes, AFAICT. You can't use SEC_PKCS12AddCertAndKey(), however, because > this will unconditionally add the chain. What you would do instead is > call SEC_PKCS12AddCert() and SEC_PKCS12AddKeyForCert() separately, and > call the former with "includeCertChain" set to PR_FALSE. > > The code in pk12util might be useful as a starting point - > seehttp://mxr.mozilla.org/mozilla/source/security/nss/cmd/pk12util/pk12u.... > > Kaspar
Yes, That was the first thing I tried, but when loading my component, Firefox panicked and kicked it off. I read the elf headers for every shared library distributed with firefox and the symbol SEC_PKCS12AddCertAndKey was defined, but SEC_PKCS12AddCert and SEC_PKCS12AddKeyForCert weren't (neither the function that derives key thumbprint from the cert). I was using a pre-compiled firefox 2.0 distribution, directly downloaded from the mozilla site. I guess which are the reasons for hiding these symbols and if there's . Thanks for your help anyway. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
