I wrote:
> The message to users was (and still is), if you want to export your
> private key, PKCS#11 is the answer.
er. make that #12. Unlike PKCS#8, which for a long time (and maybe still
today) implied unencrypted storage of private keys, PKCS#12 has been
associated with encrypted storage of p
Arshad Noor wrote, On 2009-04-23 20:11:
> Nelson Bolyard wrote:
>> The NSS team participated in the process of defining PKCS#12 precisely
>> to avoid the security trap of exporting private keys in PKCS#8 format.
>> Avoiding that trap is precisely why PKCS#12, and not PKCS#8, is THE only
>> format f
Andriy Zakharchuk wrote, On 2009-04-24 02:39:
>>> <0> AAA-update-key
>>> <1> BBB-update-key
>>> <2> CCC-update-key
>> Is that literally what you see? Or do you see output with some long
>> strings of hexadecimal characters, e.g.
>> <0> 0549d7e3a1b3c5d7f89 [...]
> Yes, I see symbolic names, no
While it may be technically feasible, Jean-Marc, it would create a
lot of confusion for users, developers and system administrators to
see a P12 file on their file-system that would not have a digital
certificate in it.
I suspect this is the primary reason why the PKCS specs have a #8
specificati
Arshad Noor wrote:
The reason we use the PKCS#8 format is only because, in the multi-step
process of generating a key-pair, creating a CSR and getting a digital
certificate from an internal/external CA, the private-key needs to be
temporarily stored securely until a CA issues the digital certific
Hello Nelson,
Thank you for such a detailed answer. Please see my comments/answers below.
I have a keys database file (key3.db) and need to export a private key
from it, but cannot do this.
What version of the NSS utilities are you using? version 3.??.??
I believe I use version 3.11, however I
Nelson,
I'm afraid PKCS#8 *does* allow for protecting private-keys with
passwords, but you have to explicitly choose the ASN type when
creating the file. Details can be found at:
ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-8.asc
While NSS itself has no use for the PKCS#8 format (since it sto
Kyle Hamilton wrote, On 2009-04-23 14:02:
> Is there a pk1util that would allow for PKCS#1 management? I think
> that would be more useful than requiring a self-signed public key
> wrapper for pk12util.
Private key storage is not within the scope of PKCS#1.
It is covered by PKCS#8. NSS supports
Is there a pk1util that would allow for PKCS#1 management? I think
that would be more useful than requiring a self-signed public key
wrapper for pk12util.
-Kyle H
On Thu, Apr 23, 2009 at 1:45 PM, Nelson B Bolyard wrote:
> Andriy Zakharchuk wrote, On 2009-04-23 12:07:
>> Hello all,
>>
>> I have
Andriy Zakharchuk wrote, On 2009-04-23 12:07:
> Hello all,
>
> I have a keys database file (key3.db) and need to export a private key
> from it, but cannot do this.
What version of the NSS utilities are you using? version 3.??.??
> certutil.exe -L -d .
>
> gives empty output (empty line) and