Hi,
Given that my PKCS 12 file doesn't contain any 'friendlyName' attribute
in it,
nor does my certificate DB have any certificate which has the same
subject name as my PKCS12.
If I use Firefox to import my PKCS 12 file, the nickname would become
"Imported Certificate # N",
(By using certutil -L -d path to find out)
On the other hand,
if I use pk12util or Chromium to do that, it would show 'Certificate
name' - 'Organization Name'.
So my first question is why Firefox uses this 'Imported Certificate # N'
pattern ?
And this also brings my second question:
Does it make sense that the user can choose the nickname by himself when the
nicknameCb parameter in SEC_PKCS12DecoderValidateBag [1] is called?
(I use nicknameCb here to try to make my question easier and clearer,
as I found out NSS will try to match the subject name of my PKCS 12
with the certificates stored in it first)
If I understand the nickname in NSS correctly, the nicknameCb would be
called when :
The subject name of the pkcs12 doesn't match any subject name of the
certificates already stored in the DB.
And if one of the following is true
(a) The pkcs 12 doesn't have an attribute 'friendlyName' set.
(b) The pkcs 12 has a 'friendlyName' attribute, but the
friendlyName is already used as nickname for some certificate stored in
the DB.
And my final question is does it make sense that the user can 'update' the
existing nickname stored in the DB?
I didn't find this functionality in certutil and I think it's not do-able,
but I would like to know why we cannot update it?
Thanks
[1]
http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/pkcs12/p12d.c#2753
--
Yoshi Huang, Mozilla Taiwan
allstars....@mozilla.com