Subrata Mazumdar wrote, On 2008-09-29 19:20: > Bob, > I implemented the importing and exporting of private key from PKCS#8 > file using NSS API. > Here is what I found based on my testing : > > Using Mozilla NSS API, I can only import/export private key in PKCS#8 > format with > "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc" encryption algorithm. > I would like to support other encryption algorithms supported by OpenSSL.
Easily done by using PKCS#12 files. > Using NSS-API, I can import private key from OpenSSL generated PEM file > (openssl rsa ...) with DES-EDE3-CBC (-des3 option) encryption only. > But, I cannot read the private key from Mozilla NSS API generated PEM > file using the OpenSSL API because NSS uses 16 byte salt for encryption > but the OpenSSL API expects 8 byte salt. Right, The PKCS#8 support isn't there. It's absence is not a mere oversight. You can wrestle with that problem until the cows come home, or you can go with something that is supported today, PKCS#12 files. If you switch to using PKCS#12 files, you'll be done by noon tomorrow. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
