> Mountie Lee wrote:
>> Thanks Eddy.
>>
>> In IE,
>> the service provider can choose whether the private key is exportable or not.
>>
>> The manual configuration is not so attractive for the service provider.

On 2010-04-08 04:14 PST, Anders Rundgren wrote:
> Hi Mountie,
> A service provider cannot specify *anything* regarding key protection
> using Firefox.

Anders, I think Mountie was referring to "Crypto Service Provider" (CSP),
which is Microsoft's name for software modules that follow Microsoft's
alternative that is approximately equivalent to the PKCS#11 standard.

A PKCS#11 CSP can indeed choose to make private keys exportable or not.
A FIPS mode CSP will generally make private keys unexportable.
NSS's NON-FIPS PKCS#11 CSP can also make non-exportable keys, IIRC,
but Firefox offers no option to set that attribute on new keys when
creating or importing them.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
