Eddy Nigg wrote:
On 12/27/2008 12:44 AM, Subrata Mazumdar:
A related question:
Is it possible to configure the NSS Soft-Token associated with the
internal slot like smart-card based token so that the private key key
cannot be exported out of the token?
If not, would it be useful feature to support?
Even in the token case, this is only true if the key was generated in
the token. If 'key recovery' is turned on, NSS generates the key in
softoken and writes it to the token (after wrapping it with the escrow
key).
So it turns out even with crmf, escrow does not happen quietly. If the
CA requests a key be escrowed, the user is notified:
http://mxr.mozilla.org/firefox/source/security/manager/ssl/src/nsCrypto.cpp#1905
bob
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
