On 01/13/2015 09:58 AM, Robert Daniels wrote:
> I also need to serialize private keys in the same fashion. Any hints greatly
> appreciated.

By design NSS prohibits access to private keys, therefore you cannot serialize private keys. However, you can export a cert/key pair in PKCS12 format. See nss.pkcs12_export.

There isn't an example Python program for pkcs12 but there is a unit test, see test/test_pkcs12.py. Because it's a unit test it's not a simple straightforward example but it does illustrate using other command line tools which are used to verify the pkcs12 operation.

OpenSSL does permit extracting a key from a PKCS12 file, so once you've extracted the key/cert to a .p12 file you can use OpenSSL to get the key.

Note, there is no need to use python-nss to extract a cert/key from an NSS database, you can use the pk12util command line utility directly. FWIW the pkcs12 implementation in python-nss pretty much mirrors what pk12util is doing using essentially the same NSS entry points.

--
John

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
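
The workflow described in the reply above (export a .p12, then get the key out with OpenSSL), as an added example that is not part of the original message. The function names, nickname, paths and password files are hypothetical, and the .p12 is constructed with OpenSSL so the script runs without an NSS database. Passwords are read from files rather than the command line, and the key is written re-encrypted under a restrictive umask.

```shell
#!/bin/sh
# Added example. The real export step from an NSS database would be
# (nickname, database path and password files are placeholders):
#   pk12util -o bundle.p12 -n "my-cert-nickname" -d sql:/path/to/nssdb \
#            -k db-password.txt -w p12-password.txt

# Build a constructed .p12 (sample input only) in directory DIR.
make_constructed_p12() {  # usage: make_constructed_p12 DIR
    dir=$1
    ( umask 077
      printf '%s\n' 'constructed-sample-password' > "$dir/pw.txt"
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj '/CN=constructed.example' \
          -keyout "$dir/orig-key.pem" -out "$dir/cert.pem" 2>/dev/null &&
      openssl pkcs12 -export -name sample \
          -inkey "$dir/orig-key.pem" -in "$dir/cert.pem" \
          -passout "file:$dir/pw.txt" -out "$dir/bundle.p12" )
}

# Pull the private key out of P12 and write it to OUT as an encrypted PEM.
# The cleartext key only exists in the pipe; OUT is created mode 0600.
extract_key() {  # usage: extract_key P12 PWFILE OUT
    ( umask 077
      openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null |
          openssl pkey -aes256 -passout "file:$2" -out "$3" 2>/dev/null )
}

# Check that the extracted key belongs to the certificate in the same .p12
# by comparing the two public keys.
key_matches_cert() {  # usage: key_matches_cert P12 PWFILE KEY
    cert_pub=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts \
                   2>/dev/null | openssl x509 -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$3" -passin "file:$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```
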