On 11/14/2012 11:33 AM, Gustavo Homem wrote:
Hi,
There is another NSS tool named "sdrtest". Maybe that tool can help
you?
After preparing a fresh database, I ran:
sdrtest -t foo -d /tmp/sdr/ -o /tmp/bar
Afterwards symkeyutil listed a key, I'd hope that key has the correct
type, could you test?
It *does* work and doesn't need certutil before hand. Amazing input Kai.
Let me get a blog post in shape to share this in a more structured way.
Many thanks!
Gustavo
In general, bare keys are not very useful in NSS. Keys are generated
with certificates.
Unfortunately TB doesn't have a very good way to get certificates
itself. The easiest thing is to get a certificate using Firefox and
export it to a .pk12 file, then import it with thunderbird.
You can use certutil to generate a certificate request, which you can
programmaticly send to a CA. You can import the resulting cert into the
database with certutil. NOTE: a private key is generated as a side
effect of the certificate request.
You can programmaticly import and export .p12 files with p12util.
The key generated by sdrtest is a symmetric key. Unforunately there
currently are no tools that help you backup and restore symmetric keys.
bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
