Subrata Mazumdar wrote:
I believe Elio has some sample code that can import and export *wrapped* PKCS #8 keys stored in PEM format. Unwrapped keys are not considered safe. To support them you would need to manually encrypt/decrypt the wrapped keys. NSS does not have an interface to release unencrypted keys and applications are strongly discouraged from using them. Even openssl prefers encrypted to unencrypted keys.

Nelson,

thanks very much for the clear answer - I did not realize that the Mozilla NSS does not support PKCS#8. I also agree with you that PKCS#12 format is the right way to import/export keys. The problem is that a large number of OpenSSL based applications still use separate files for private key and public key cert. Actually, the problem is even worse - some of the applications use unencrypted private key or OpenSSL specific encrypted PEM file (generated using 'openssl rsa' command).

Anyway, thanks once again.
bob
-- Subrata

Nelson Bolyard wrote:

Subrata Mazumdar wrote, On 2008-09-26 07:19:

Hi,

I am having a problem in reading a PKCS#8 file generated by the OpenSSL command line tool ("openssl pkcs8").

Officially, import and export of pkcs#8 files is not supported in NSS. You may or may not be able to get it to work, but because of the security concerns of PKCS#8 files, NSS does not support them. PKCS#12 is the supported way to import or export private keys and their related certificates. If you have a problem with PKCS#12, you can get support from the NSS team. PKCS#12 is the one universally implemented private key transport method. OpenSSL also supports PKCS#12, and so does Windows.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
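An added example, not part of the original thread and not NSS or OpenSSL code: a small audit helper that sorts PEM private-key blocks into the kinds discussed above (unencrypted PKCS#8, encrypted PKCS#8, and OpenSSL's traditional per-algorithm PEM with or without its own encryption headers) so unprotected keys can be found before they are migrated to PKCS#12. The function names and `SAMPLE` are hypothetical, and the key bodies in `SAMPLE` are constructed placeholders, not real key material.

```python
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Header OpenSSL writes into a traditional PEM key it has encrypted itself.
LEGACY_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,\s*ENCRYPTED", re.MULTILINE)


def classify_pem_keys(text):
    """Return (label, format, encrypted) for every private-key block in text."""
    findings = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            findings.append((label, "PKCS#8", True))
        elif label == "PRIVATE KEY":
            findings.append((label, "PKCS#8", False))
        elif label.endswith(" PRIVATE KEY"):  # RSA / EC / DSA traditional form
            encrypted = LEGACY_ENCRYPTED.search(body) is not None
            findings.append((label, "OpenSSL traditional", encrypted))
        # Certificates and other labels are not private keys; skip them.
    return findings


def unprotected_keys(text):
    """Labels of private-key blocks stored without any encryption."""
    return [label for label, _, enc in classify_pem_keys(text) if not enc]


# Constructed sample: placeholder base64 bodies, not real keys.
SAMPLE = """\
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for label, fmt, enc in classify_pem_keys(SAMPLE):
        print(f"{label:24} {fmt:20} {'encrypted' if enc else 'UNENCRYPTED'}")
```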