Subrata Mazumdar wrote, On 2008-09-27 06:33:
> Nelson, thanks very much for the clear answer - I did not realize that 
> the Mozilla NSS does not support PKCS#8. I also agree with you that 
> PKCS#12 format is the right way to import/export keys. The problem is 
> that a large number of OpenSSL based applications still use separate 
> files for private key and public key cert.

OpenSSL can make a PKCS#12 file out of those separate PEM files for
certs and keys, I believe.

> Actually, the problem is even worse - some of the applications use 
> an unencrypted private key

That is precisely why NSS does not support PKCS#8 files.  Applications
that generate private keys and then just leave them lying around in
unprotected files are having fun with cryptography, but aren't serious
about security.  NSS is serious about security.

> or an OpenSSL-specific encrypted PEM file (generated using the 'openssl rsa'
> command).

OpenSSL can convert those to PKCS#12 files, I believe.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
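
The conversion mentioned in the reply above, as an added example that is not part of the original message: it bundles a separate PEM key and certificate into a password-protected PKCS#12 file with the `openssl` CLI, covering both an unencrypted key and a passphrase-encrypted one. The function names, file names, subject and passwords are hypothetical and constructed for the demo, and the NSS database path in the closing comment is a placeholder.

```sh
#!/bin/sh
# Added example. File names, subject and passwords are constructed placeholders.
umask 077   # everything created below is readable by the owner only

# Constructed sample input: throwaway unencrypted PEM key + self-signed cert.
make_demo_pem() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Succeeds if the PEM private key file is stored without encryption.
key_is_unencrypted() {
    ! grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# pem_to_p12 KEY CERT OUT P12_PASSFILE [KEY_PASSFILE]
# Passwords come from files, not argv, so they do not appear in `ps` output.
# KEY_PASSFILE is needed only when KEY is a passphrase-encrypted PEM file.
pem_to_p12() {
    key=$1; cert=$2; out=$3; p12pw=$4; keypw=${5:-}
    if [ -n "$keypw" ]; then
        openssl pkcs12 -export -inkey "$key" -in "$cert" -name imported \
            -passin "file:$keypw" -passout "file:$p12pw" -out "$out" || return 1
    else
        openssl pkcs12 -export -inkey "$key" -in "$cert" -name imported \
            -passout "file:$p12pw" -out "$out" || return 1
    fi
    # Re-open the bundle: fails unless the MAC verifies with the password.
    openssl pkcs12 -in "$out" -passin "file:$p12pw" -noout 2>/dev/null
}

# Demo on constructed input; requires the openssl CLI on PATH.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-demo-password' > "$d/p12.pass"
    make_demo_pem "$d" &&
        pem_to_p12 "$d/key.pem" "$d/cert.pem" "$d/bundle.p12" "$d/p12.pass" &&
        rm -f "$d/key.pem" &&   # do not leave the plaintext key lying around
        echo "wrote $d/bundle.p12"
    # With NSS tools installed, the bundle can then be imported, e.g.:
    #   pk12util -i "$d/bundle.p12" -d sql:/path/to/nssdb   (placeholder path)
}
demo
```

Use a different password file for the key passphrase and for the PKCS#12 password: when the same file is given to both `-passin` and `-passout`, OpenSSL reads the input password from its first line and the output password from its second.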