Robert Relyea wrote:
> Subrata Mazumdar wrote:
>> Bob,
>> I implemented the importing and exporting of private key from PKCS#8
>> file using NSS API.
>> Here is what I found based on my testing :
>>
>> Using Mozilla NSS API, I can only import/export private key in PKCS#8
>> format with "PKCS12
Mi comments inline
Robert Relyea wrote:
> Subrata Mazumdar wrote:
>> Bob,
>> I implemented the importing and exporting of private key from PKCS#8
>> file using NSS API.
>> Here is what I found based on my testing :
>>
>> Using Mozilla NSS API, I can only import/export private key in PKCS#8
>> fo
I was able to export a PKCS #8 encrypted key with either
SEC_OID_DES_EDE3_CBC or
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
which OpenSSL reads, I did not try other algorithms at the.
A somewhat sanitized extract of the pertinent function follows:
--
Subrata,
Subrata Mazumdar wrote:
>
>
> Wan-Teh Chang wrote:
>> On Sat, Sep 27, 2008 at 12:17 PM, Nelson B Bolyard
>> <[EMAIL PROTECTED]> wrote:
>>
>>> Subrata Mazumdar wrote, On 2008-09-27 06:33:
>>>
Actually, the problem is even worse - some of the applications use
unencrypted
Subrata Mazumdar wrote:
Bob,
I implemented the importing and exporting of private key from PKCS#8
file using NSS API.
Here is what I found based on my testing :
Using Mozilla NSS API, I can only import/export private key in PKCS#8
format with
"PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc"
Nelson B Bolyard wrote:
> [...]
> What about that problem necessitates the use of PKCS#8?
> On what stone is it chiseled that servers must read private keys from
> PKCS#8 files every time they start up?
It makes sense to limit the number of formats used, and to say the
private key and the cert sh
Nelson B Bolyard wrote:
> [...]. Applications
> that generate private keys and then just leave them lying around in
> unprotected files are having fun with cryptography, but aren't serious
> about security. NSS is serious about security.
Using passwords stored in configuration files is being ser
Subrata Mazumdar wrote, On 2008-09-29 19:20:
> Bob,
> I implemented the importing and exporting of private key from PKCS#8
> file using NSS API.
> Here is what I found based on my testing :
>
> Using Mozilla NSS API, I can only import/export private key in PKCS#8
> format with
> "PKCS12 V2 PBE
Wan-Teh Chang wrote, On 2008-09-29 10:18:
> On Sat, Sep 27, 2008 at 12:17 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
>> Subrata Mazumdar wrote, On 2008-09-27 06:33:
>>> Actually, the problem is even worse - some of the applications use
>>> unencrypted private key
>> That is precisely why NSS d
Bob,
I implemented the importing and exporting of private key from PKCS#8
file using NSS API.
Here is what I found based on my testing :
Using Mozilla NSS API, I can only import/export private key in PKCS#8
format with
"PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc" encryption algorithm.
I wo
Wan-Teh Chang wrote:
> On Sat, Sep 27, 2008 at 12:17 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
>
>> Subrata Mazumdar wrote, On 2008-09-27 06:33:
>>
>>> Actually, the problem is even worse - some of the applications use
>>> unencrypted private key
>>>
>> That is precisely why
Subrata Mazumdar wrote:
Nelson,
thanks very much for the clear answer - I did not realize that the
Mozilla NSS does not support PKCS#8.
I also agree with you that PKCS#12 format is the right way to
import/export keys.
The problem is that a large number of OpenSSL based applications still
use
On Sat, Sep 27, 2008 at 12:17 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> Subrata Mazumdar wrote, On 2008-09-27 06:33:
>>
>> Actually, the problem is even worse - some of the applications use
>> unencrypted private key
>
> That is precisely why NSS does not support PKCS#8 files. Applications
Subrata Mazumdar wrote, On 2008-09-27 06:33:
> Nelson, thanks very much for the clear answer - I did not realize that
> the Mozilla NSS does not support PKCS#8. I also agree with you that
> PKCS#12 format is the right way to import/export keys. The problem is
> that a large number of OpenSSL ba
Nelson,
thanks very much for the clear answer - I did not realize that the
Mozilla NSS does not support PKCS#8.
I also agree with you that PKCS#12 format is the right way to
import/export keys.
The problem is that a large number of OpenSSL based applications still
use separate files
for private
Subrata Mazumdar wrote, On 2008-09-26 07:19:
> Hi,
> I am having problem in reading PKCS#8 file generated by OpenSSL command
> line tool ("opnessl pkcs8").
Officially, import and export of pkcs#8 files is not supported in NSS.
You may or may not be able to get it to work, but because of the
secur
Hi,
I am having problem in reading PKCS#8 file generated by OpenSSL command
line tool ("opnessl pkcs8").
OpenSSL supports a number of encryption algorithms with option v1 and v2
(http://www.openssl.org/docs/apps/pkcs8.html).
I can only successfully read the PKCS#8 file generated using enryption
17 matches
Mail list logo
