On Jul 15, 2014, at 11:05 PM, Chuck Lee <chu...@mozilla.com> wrote: > > Yes, but it doesn't work because it also calls PK11_ExportPrivKeyInfo() to > get the RSA private key info.
Why is this a problem? PK11_ExportDERPrivateKeyInfo() works fine for WebCrypto. Are you building in some other context than gecko? --Richard > Now I am trying to decrypt key exported by PK11_ExportEncryptedPrivKeyInfo() > with method SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 directly, which > seems to be the most simple method to decrypt. > > 於 2014/7/16 上午 01:59, Richard Barnes 提到: >> Have you tried exporting with PK11_ExportDERPrivateKeyInfo? That's what >> WebCrypto uses to export keys in PKCSD#8 format: >> <http://dxr.mozilla.org/mozilla-central/source/dom/crypto/CryptoKey.cpp?#333> >> >> >> >> On Jul 13, 2014, at 10:48 PM, Chuck Lee <chu...@mozilla.com> wrote: >> >>> Hi all, >>> I am now working on supporting PKCS#12 format key on Firefox OS's Wifi >>> module [1]. >>> Because current PSM/NSS API doesn't fit the requirement of UX(assigning >>> nickname of imported certificates) and gonk(wpa_supplicant needs to read >>> private key in RSA format), I have to do some hack to NSS API and implement >>> the function on my own. >>> >>> Now I can import PKCS#12 format correctly, as described in bug comment, >>> but can't export the private key in the format wpa_supplicant requires - I >>> can only get encrypted private key PKCS#8 format(by >>> PK11_ExportEncryptedPrivKeyInfo), but can't in RSA format(by >>> PK11_ExportPrivKey, it said lack of some attributes like private exponent) >>> And I fount that, by using openssl, that I can get expected RSA private >>> key by decrypting the PKCS#8 private key. >>> I tried to decrypte it by PK11_Decrypt() but it doesn't work so far. >>> >>> So I like to ask how to decrypt a PKCS#8 private key by NSS API? >>> Or is there anther way to get private key in RSA format from NSS? >>> >>> Thanks. >>> >>> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1012549 >>> -- >>> dev-tech-crypto mailing list >>> dev-tech-crypto@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-tech-crypto > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
