> On Wed, 2012-11-14 at 15:15 +0000, Gustavo Homem wrote: > > So I need to find out how to call libnss se actually generate a key > > for key3.db. But I'm half amazed that it isn't possible via > > certutil or other CLI interface. > > We'll see, maybe it is, but first we need to identify exactly what > you > want to do. >
OK, great. > > > > Mozilla's application passwords aren't stored in key3.db. Rather, > > > key3.db contains a symmetric key for symmetric encryption. > > > > > > > Precisely. That's what I want to generate programatically. > > Have you seen "symkeyutil" provided by NSS? You get it if you build > NSS > on its own. > > It might not be built by default from within the Mozilla application > builds - but you should be able to build it by extending > mozilla/security/build/Makefile.in appropriately (add new rules > similar > to certutil). > > Use "symkeyutil -d directory -L" to see a list of keys contained in a > NSS DB. > > -H for help > > -K to generate a new key. Look at the Mozilla and the list output to > deduce what parameters you need. > Hmm, this looks very interesting. I will try to build symkeyutil and look at the parameters. I also found this: http://www.mozilla.org/projects/security/pki/nss/sample-code/sample6.html Is it equivalent? Cheers Gustavo -- Angulo Sólido - Tecnologias de Informação http://angulosolido.pt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
