Arshad Noor wrote:
The reason we use the PKCS#8 format is only because, in the multi-step process of generating a key-pair, creating a CSR and getting a digital certificate from an internal/external CA, the private-key needs to be temporarily stored securely until a CA issues the digital certificate.
It's technically feasible (it does not break the format) to create a private key only pkcs#12, but I don't know if the NSS API around pkcs#12 supports it.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
